
new msn virus (help)

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

new msn virus (help)

Post by jimmy83 » 20/07/09 18:26

hi everyone,
I've just caught a virus through messenger, I think it's the latest one out; here's what happened to me:
I log into messenger and after a while one of my contacts opens the usual chat window writing: is this you in this photo? followed by a link that looks like a myspace one.... I click it because I had an account on myspace, a little window opens, I'm convinced it's there to load the photo..... and that's it! my pc is infected! shortly after, several of my contacts write to me to stop contacting them with the same message that reached me! I've run several scans both with avg and with spybot.... but the problem persists..... help me! I don't know what else to do..... :(
jimmy83
Junior User
Posts: 20
Joined: 20/07/09 18:05


Re: new msn virus (help)

Post by shel » 20/07/09 20:20

hi

start by posting a hijackthis log

http://www.trendsecure.com/portal/en-US ... kthis.php#

launch the program by clicking the executable and start the scan, choosing the option "Do a system scan and save a logfile"

Save it to C:\Programmi when you download it
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

Re: new msn virus (help)

Post by jimmy83 » 21/07/09 17:02

thanks shel for replying, I also did a scan with malwarebytes' but I can't complete it because my pc restarts; anyway I'm posting the hijackthis log below

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17.56.22, on 21/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Temp\ISSCAN\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\System32\alg.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Documents and Settings\Proprietario\Desktop\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini16.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: (no name) - {08EF10CD-9170-4F7C-A40B-0D78F7B3D57F} - (no file)
O2 - BHO: (no name) - {0EE5DE70-B67C-4EF5-90F3-F1F5508FC464} - (no file)
O2 - BHO: (no name) - {1508D5B3-B8DF-443C-9F61-B10DED27607B} - (no file)
O2 - BHO: (no name) - {17371C2E-A087-408E-8753-F2D0CC76A056} - C:\WINDOWS\system32\ddcAppmm.dll (file missing)
O2 - BHO: (no name) - {35F3BE6D-8816-4123-93E6-33BC5FEF169D} - (no file)
O2 - BHO: (no name) - {38AA74C4-2198-4632-ACB4-F18D812A9007} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3F5BD97D-5CC2-4CBF-8250-C50B8766F43A} - (no file)
O2 - BHO: (no name) - {4925F8D2-E4E9-4E29-8629-ECB7E5B53298} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {565229B2-9B76-417C-AB28-029E47C62037} - (no file)
O2 - BHO: (no name) - {58CB7742-1EDE-4192-8743-0400843BDD58} - (no file)
O2 - BHO: (no name) - {58E4BF3C-7B32-4634-A4D6-C2E1EFC199F5} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5CF3467C-19AF-4E01-83AB-5CB238ACFDF9} - (no file)
O2 - BHO: (no name) - {64A25F87-98CF-4D9F-83A8-E873484D3D25} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {70B3402C-DA8F-429C-9A5A-7AF4EDC00DF0} - (no file)
O2 - BHO: (no name) - {75DFFA52-32FA-4316-A3A7-4387D8B69A86} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: {8f210bd1-7ec7-34c8-e614-c0bc90258c67} - {76c85209-cb0c-416e-8c43-7ce71db012f8} - C:\WINDOWS\system32\fvikok.dll (file missing)
O2 - BHO: (no name) - {76E67D37-BB06-414B-9D76-C4F4B6EBA9E3} - (no file)
O2 - BHO: (no name) - {83EC247B-9CB2-4577-B651-AE653B4C4806} - (no file)
O2 - BHO: (no name) - {88CEFBF2-7A2E-433C-BB63-2E7642FAF429} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9567473C-56CB-4995-95A6-BE546DE637E2} - (no file)
O2 - BHO: (no name) - {98459F1B-A3B9-4712-9FC5-55B83F7A757D} - (no file)
O2 - BHO: (no name) - {A72FB51D-1BB9-4D5B-800D-5D7851DA1453} - (no file)
O2 - BHO: (no name) - {ACDE040D-4A42-4089-A36C-96F213AD7C53} - (no file)
O2 - BHO: (no name) - {B4798D4C-9584-49EE-A57C-8633D02579D8} - (no file)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: Google Plus - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\PROGRA~1\GOOGLE~1\16GOOG~1.DLL
O2 - BHO: (no name) - {C94AA6DE-8954-4BA6-92DB-8466BAC9D2B2} - (no file)
O2 - BHO: (no name) - {D7C9ABE3-A146-412D-B4FC-9423F9E76101} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E03BA089-5D3D-4530-AB90-293577731B99} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E281CF7B-4500-4F2A-80DA-3224E57FEBA8} - (no file)
O2 - BHO: (no name) - {F26CCBD4-FECC-4886-9A38-6DF690ED923F} - (no file)
O2 - BHO: (no name) - {FA3374F5-3779-4475-BDF4-7932AFC8D358} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [5ca89bd3] rundll32.exe "C:\WINDOWS\system32\puonasxl.dll",b
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [soaiy] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\soaiy.exe" soaiy
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [mkkgq] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\mkkgq.exe" mkkgq
O4 - HKCU\..\Run: [seoyk] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\seoyk.exe" seoyk
O4 - HKCU\..\Run: [ekgis] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\ekgis.exe" ekgis
O4 - HKCU\..\Run: [kusai] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\kusai.exe" kusai
O4 - HKCU\..\Run: [Vidalia] "C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKCU\..\Run: [aeugy] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\aeugy.exe" aeugy
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_1] cmd /c md "C:\Temp" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wdzdsb.dll,bwghmc.dll,casiqi.dll,hkdmmj.dll,ipvpuq.dll,ubxxwi.dll,ldmlbe.dll,lboors.dll,dnmipp.dll,xrxxso.dll,wsjscl.dll,fvikok.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnnNDvt - nnnnNDvt.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PskSvcRetailInst - Panda Security, S.L. - C:\Temp\ISSCAN\PskSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13931 bytes
jimmy83
Junior User
Posts: 20
Joined: 20/07/09 18:05

Re: new msn virus (help)

Post by shel » 21/07/09 17:51

hi

you've got quite a few guests in your pc, especially navipromo

let's see if combofix manages to remove them all, otherwise we'll also use another program

Download combofix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

(do not install the recovery console)

Disconnect from the internet
Disable the antivirus.
Run the file ComboFix.exe
Type 1 to start the tool
Follow the instructions (don't do anything during the scan; if the desktop icons disappear, that's normal) and at the end a log will be generated.
When it's finished, post the log you find in C:\Combofix.txt

Don't touch the mouse or keyboard during the scan

Run hijackthis with all applications closed, press Do a system scan only, tick and delete (fix checked) the following lines:

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com

O2 - BHO: (no name) - {08EF10CD-9170-4F7C-A40B-0D78F7B3D57F} - (no file)

O2 - BHO: (no name) - {0EE5DE70-B67C-4EF5-90F3-F1F5508FC464} - (no file)

O2 - BHO: (no name) - {1508D5B3-B8DF-443C-9F61-B10DED27607B} - (no file)

O2 - BHO: (no name) - {17371C2E-A087-408E-8753-F2D0CC76A056} - C:\WINDOWS\system32\ddcAppmm.dll (file missing)

O2 - BHO: (no name) - {35F3BE6D-8816-4123-93E6-33BC5FEF169D} - (no file)

O2 - BHO: (no name) - {38AA74C4-2198-4632-ACB4-F18D812A9007} - (no file)

O2 - BHO: (no name) - {3F5BD97D-5CC2-4CBF-8250-C50B8766F43A} - (no file)

O2 - BHO: (no name) - {4925F8D2-E4E9-4E29-8629-ECB7E5B53298} - (no file)

O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)

O2 - BHO: (no name) - {565229B2-9B76-417C-AB28-029E47C62037} - (no file)

O2 - BHO: (no name) - {58CB7742-1EDE-4192-8743-0400843BDD58} - (no file)

O2 - BHO: (no name) - {58E4BF3C-7B32-4634-A4D6-C2E1EFC199F5} - (no file)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: (no name) - {5CF3467C-19AF-4E01-83AB-5CB238ACFDF9} - (no file)

O2 - BHO: (no name) - {64A25F87-98CF-4D9F-83A8-E873484D3D25} - (no file)

O2 - BHO: (no name) - {70B3402C-DA8F-429C-9A5A-7AF4EDC00DF0} - (no file)

O2 - BHO: (no name) - {75DFFA52-32FA-4316-A3A7-4387D8B69A86} - (no file)

O2 - BHO: {8f210bd1-7ec7-34c8-e614-c0bc90258c67} - {76c85209-cb0c-416e-8c43-7ce71db012f8} - C:\WINDOWS\system32\fvikok.dll (file missing)

O2 - BHO: (no name) - {76E67D37-BB06-414B-9D76-C4F4B6EBA9E3} - (no file)

O2 - BHO: (no name) - {76E67D37-BB06-414B-9D76-C4F4B6EBA9E3} - (no file)

O2 - BHO: (no name) - {83EC247B-9CB2-4577-B651-AE653B4C4806} - (no file)

O2 - BHO: (no name) - {88CEFBF2-7A2E-433C-BB63-2E7642FAF429} - (no file)

O2 - BHO: (no name) - {9567473C-56CB-4995-95A6-BE546DE637E2} - (no file)

O2 - BHO: (no name) - {98459F1B-A3B9-4712-9FC5-55B83F7A757D} - (no file)

O2 - BHO: (no name) - {A72FB51D-1BB9-4D5B-800D-5D7851DA1453} - (no file)


O2 - BHO: (no name) - {ACDE040D-4A42-4089-A36C-96F213AD7C53} - (no file)

O2 - BHO: (no name) - {B4798D4C-9584-49EE-A57C-8633D02579D8} - (no file)

O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)

O2 - BHO: (no name) - {C94AA6DE-8954-4BA6-92DB-8466BAC9D2B2} - (no file)

O2 - BHO: (no name) - {D7C9ABE3-A146-412D-B4FC-9423F9E76101} - (no file)

O2 - BHO: (no name) - {E03BA089-5D3D-4530-AB90-293577731B99} - (no file)

O2 - BHO: (no name) - {E281CF7B-4500-4F2A-80DA-3224E57FEBA8} - (no file)

O2 - BHO: (no name) - {F26CCBD4-FECC-4886-9A38-6DF690ED923F} - (no file)

O2 - BHO: (no name) - {FA3374F5-3779-4475-BDF4-7932AFC8D358} - (no file)

O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)

O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)

O4 - HKCU\..\Run: [soaiy] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\soaiy.exe" soaiy

O4 - HKCU\..\Run: [mkkgq] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\mkkgq.exe" mkkgq

O4 - HKCU\..\Run: [seoyk] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\seoyk.exe" seoyk

O4 - HKCU\..\Run: [ekgis] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\ekgis.exe" ekgis

O4 - HKCU\..\Run: [kusai] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\kusai.exe" kusai

O4 - HKCU\..\Run: [aeugy] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\aeugy.exe" aeugy

O20 - AppInit_DLLs: wdzdsb.dll,bwghmc.dll,casiqi.dll,hkdmmj.dll,ipvpuq.dll,ubxxwi.dll,ldmlbe.dll,lboors.dll,dnmipp.dll,xrxxso.dll,wsjscl.dll,fvikok.dll

O20 - Winlogon Notify: nnnnNDvt - nnnnNDvt.dll (file missing)
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56
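As an added example (not code from this thread, from HijackThis or from any of the posters), here is a small Python triage that applies the same kinds of rule shel used to pick lines out of jimmy83's log: BHOs whose DLL is gone, randomly named autoruns living in the user profile, a populated AppInit_DLLs, an extra program chained to UserInit, and an IE start page off an allowlist. The heuristics and the allowlist are my own assumptions, and the sample log is a constructed excerpt of the first log posted above.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: lines copied from the first HijackThis log posted in
# this thread, plus three benign entries (Java BHO, AVG tray, Skype) so the
# filter has something to leave alone. Runs offline, no registry access.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini16.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: (no name) - {08EF10CD-9170-4F7C-A40B-0D78F7B3D57F} - (no file)
O2 - BHO: XML module - {500BCA15-57A7-4eaf-8143-8C619470B13D} - C:\WINDOWS\system32\msxml71.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [5ca89bd3] rundll32.exe "C:\WINDOWS\system32\puonasxl.dll",b
O4 - HKCU\..\Run: [soaiy] "c:\documents and settings\proprietario\impostazioni locali\dati applicazioni\soaiy.exe" soaiy
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O20 - AppInit_DLLs: wdzdsb.dll,bwghmc.dll,fvikok.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnnNDvt - nnnnNDvt.dll (file missing)
"""

# "O4 - HKLM\..\Run: [name] command" -> section code, then the rest of the line
ENTRY = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.+)$")
RUN_ENTRY = re.compile(r"^HK\S*\\Run(?:Once)?: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")

# Assumed allowlist for the IE start page; anything else is worth a look.
KNOWN_HOME = ("google.com", "microsoft.com", "msn.com", "live.com")
# Profile folders that legitimate autoruns rarely live in (Italian and
# English names of "Local Settings\Application Data").
USER_DATA_DIRS = ("dati applicazioni", "application data",
                  "impostazioni locali", "local settings")


def _host_allowed(url):
    host = (urlsplit(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in KNOWN_HOME)


def _random_name(name):
    # the infected Run entries in the thread use 5-letter or 8-hex-digit names
    return re.fullmatch(r"[a-z]{5}|[0-9a-f]{8}", name) is not None


def triage(log_text):
    """Return (section, reason, line) for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if not m:
            continue  # header, process list, blank lines
        sec, body = m.group("sec"), m.group("body")
        reason = None
        if sec == "R0" and ",Start Page = " in body:
            if not _host_allowed(body.split("= ", 1)[1]):
                reason = "start page points to a host outside the allowlist"
        elif sec == "F2" and "UserInit=" in body:
            # UserInit is a comma list; only userinit.exe itself belongs there
            parts = [p.strip().lower()
                     for p in body.split("UserInit=", 1)[1].split(",") if p.strip()]
            extra = [p for p in parts if not p.endswith("\\userinit.exe")]
            if extra:
                reason = "extra program chained to UserInit: " + ", ".join(extra)
        elif sec == "O2" and body.endswith(("(no file)", "(file missing)")):
            reason = "BHO still registered but its DLL is gone"
        elif sec == "O4":
            r = RUN_ENTRY.match(body)
            if r:
                name, cmd = r.group("name"), r.group("cmd").lower()
                if _random_name(name) or any(d in cmd for d in USER_DATA_DIRS):
                    reason = "autorun with a random name or living in the user profile"
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = [d for d in body.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                reason = "%d DLLs loaded into every process via AppInit_DLLs" % len(dlls)
        elif sec == "O20" and body.endswith("(file missing)"):
            reason = "Winlogon Notify package whose DLL is gone"
        if reason:
            findings.append((sec, reason, line))
    return findings


if __name__ == "__main__":
    for sec, reason, line in triage(SAMPLE_LOG):
        print("%-4s %s\n     %s" % (sec, reason, line))
```

On the constructed excerpt this flags eight entries and leaves the Java, AVG and Skype lines alone; the same rules applied to the full log above pick out the sweetim start page and every random-named HKCU Run entry shel listed.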

Re: new msn virus (help)

Post by jimmy83 » 21/07/09 18:12

ok, 20 minutes ago I managed to run a scan with malwarebytes' and removed quite a lot of stuff, now I'll redo the hijackthis scan and post it, 10 minutes and I'm back
jimmy83
Junior User
Posts: 20
Joined: 20/07/09 18:05

Re: new msn virus (help)

Post by jimmy83 » 21/07/09 18:13

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19.13.18, on 21/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Temp\ISSCAN\PskSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Proprietario\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini16.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\,
O2 - BHO: (no name) - {08EF10CD-9170-4F7C-A40B-0D78F7B3D57F} - (no file)
O2 - BHO: (no name) - {0EE5DE70-B67C-4EF5-90F3-F1F5508FC464} - (no file)
O2 - BHO: (no name) - {1508D5B3-B8DF-443C-9F61-B10DED27607B} - (no file)
O2 - BHO: (no name) - {17371C2E-A087-408E-8753-F2D0CC76A056} - C:\WINDOWS\system32\ddcAppmm.dll (file missing)
O2 - BHO: (no name) - {35F3BE6D-8816-4123-93E6-33BC5FEF169D} - (no file)
O2 - BHO: (no name) - {38AA74C4-2198-4632-ACB4-F18D812A9007} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3F5BD97D-5CC2-4CBF-8250-C50B8766F43A} - (no file)
O2 - BHO: (no name) - {4925F8D2-E4E9-4E29-8629-ECB7E5B53298} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {565229B2-9B76-417C-AB28-029E47C62037} - (no file)
O2 - BHO: (no name) - {58CB7742-1EDE-4192-8743-0400843BDD58} - (no file)
O2 - BHO: (no name) - {58E4BF3C-7B32-4634-A4D6-C2E1EFC199F5} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5CF3467C-19AF-4E01-83AB-5CB238ACFDF9} - (no file)
O2 - BHO: (no name) - {64A25F87-98CF-4D9F-83A8-E873484D3D25} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {70B3402C-DA8F-429C-9A5A-7AF4EDC00DF0} - (no file)
O2 - BHO: (no name) - {75DFFA52-32FA-4316-A3A7-4387D8B69A86} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {76E67D37-BB06-414B-9D76-C4F4B6EBA9E3} - (no file)
O2 - BHO: (no name) - {83EC247B-9CB2-4577-B651-AE653B4C4806} - (no file)
O2 - BHO: (no name) - {88CEFBF2-7A2E-433C-BB63-2E7642FAF429} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9567473C-56CB-4995-95A6-BE546DE637E2} - (no file)
O2 - BHO: (no name) - {98459F1B-A3B9-4712-9FC5-55B83F7A757D} - (no file)
O2 - BHO: (no name) - {A72FB51D-1BB9-4D5B-800D-5D7851DA1453} - (no file)
O2 - BHO: (no name) - {ACDE040D-4A42-4089-A36C-96F213AD7C53} - (no file)
O2 - BHO: (no name) - {B4798D4C-9584-49EE-A57C-8633D02579D8} - (no file)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: Google Plus - {C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - C:\PROGRA~1\GOOGLE~1\16GOOG~1.DLL
O2 - BHO: (no name) - {C94AA6DE-8954-4BA6-92DB-8466BAC9D2B2} - (no file)
O2 - BHO: (no name) - {D7C9ABE3-A146-412D-B4FC-9423F9E76101} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E03BA089-5D3D-4530-AB90-293577731B99} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E281CF7B-4500-4F2A-80DA-3224E57FEBA8} - (no file)
O2 - BHO: (no name) - {F26CCBD4-FECC-4886-9A38-6DF690ED923F} - (no file)
O2 - BHO: (no name) - {FA3374F5-3779-4475-BDF4-7932AFC8D358} - (no file)
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [5ca89bd3] rundll32.exe "C:\WINDOWS\system32\puonasxl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Vidalia] "C:\Programmi\Vidalia Bundle\Vidalia\vidalia.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_1] cmd /c md "C:\Temp" (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: wdzdsb.dll,bwghmc.dll,casiqi.dll,hkdmmj.dll,ipvpuq.dll,ubxxwi.dll,ldmlbe.dll,lboors.dll,dnmipp.dll,xrxxso.dll,wsjscl.dll,fvikok.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnnNDvt - nnnnNDvt.dll (file missing)
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PskSvcRetailInst - Panda Security, S.L. - C:\Temp\ISSCAN\PskSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 13060 bytes
jimmy83
Junior Member
 
Posts: 20
Joined: 20/07/09 18:05
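A small triage pass over the kinds of HijackThis lines posted above, as an added example and not a tool from this thread: the sample is built from the O17/O20/O23 lines of the log, and the severities are heuristics for a reader of the log, not a verdict the page states.

```python
"""Triage helpers for HijackThis O17/O20/O23 lines (added example, not a forum tool)."""
import re
from dataclasses import dataclass

# Constructed sample: these lines are copied from the HijackThis log posted in this thread.
HJT_SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O20 - AppInit_DLLs: wdzdsb.dll,bwghmc.dll,casiqi.dll,hkdmmj.dll,ipvpuq.dll,ubxxwi.dll,ldmlbe.dll,lboors.dll,dnmipp.dll,xrxxso.dll,wsjscl.dll,fvikok.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: nnnnNDvt - nnnnNDvt.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: PskSvcRetailInst - Panda Security, S.L. - C:\Temp\ISSCAN\PskSvc.exe
"""

LINE_RE = re.compile(r"^(O\d+) - (.*)$")


@dataclass(frozen=True)
class Finding:
    section: str   # HijackThis section code, e.g. "O20"
    severity: str  # "high" = act on it, "review" = verify by hand
    reason: str
    detail: str


def parse_hjt(text):
    """Split a HijackThis log into (section, body) pairs, skipping header/footer lines."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def appinit_dlls(body):
    """'AppInit_DLLs: a.dll,b.dll' -> ['a.dll', 'b.dll']; the key is empty on a clean XP box."""
    _, _, dlls = body.partition("AppInit_DLLs:")
    return [d.strip() for d in dlls.split(",") if d.strip()]


def uniform_random_shape(names):
    """True when 3+ names are bare alphabetic stems of identical length (generator-style names)."""
    stems = [n.rsplit(".", 1)[0] for n in names]
    return len(stems) >= 3 and all(s.isalpha() for s in stems) and len({len(s) for s in stems}) == 1


def nameservers(entries):
    """Collect the DNS resolvers from O17 NameServer lines, de-duplicated, in log order."""
    seen = []
    for section, body in entries:
        if section == "O17" and "NameServer =" in body:
            for ip in body.split("NameServer =", 1)[1].split():
                if ip not in seen:
                    seen.append(ip)
    return seen


def triage(entries):
    """Apply the per-section checks and return the findings."""
    findings = []
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            dlls = appinit_dlls(body)
            if dlls:
                # AppInit_DLLs is loaded into every user32-linked process, so any entry is worth a look
                sev = "high" if uniform_random_shape(dlls) else "review"
                findings.append(Finding(section, sev,
                    f"{len(dlls)} DLL(s) injected into every process via AppInit_DLLs", ",".join(dlls)))
        elif section == "O20" and body.startswith("Winlogon Notify:") and body.endswith("(file missing)"):
            # HijackThis appends "(file missing)" when the registered DLL is not on disk
            findings.append(Finding(section, "high",
                "orphaned Winlogon Notify entry (DLL not on disk)", body))
        elif section == "O23" and re.search(r"\\temp\\", body, re.IGNORECASE):
            findings.append(Finding(section, "review",
                "service binary runs from a temp directory", body))
    if nameservers(entries):
        findings.append(Finding("O17", "review",
            "confirm these resolvers belong to the ISP (a hijacked DNS setting looks the same)",
            " ".join(nameservers(entries))))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(HJT_SAMPLE)):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n         {f.detail}")
```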

Re: new MSN virus ( help )

Post by shel » 21/07/09 18:22

You need to run the scan with ComboFix; if anything, run HijackThis afterwards.

I'd also like to see what Malwarebytes found.
shel
Senior Member
 
Posts: 1326
Joined: 29/08/08 21:56

Re: new MSN virus ( help )

Post by jimmy83 » 21/07/09 19:45

ComboFix result

ComboFix 09-07-20.05 - Proprietario 21/07/2009 19.44.05.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.39.1040.18.2038.1379 [GMT 2:00]
Eseguito da: c:\documents and settings\Proprietario\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\gsgyces.exe
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\gsgyces_nav.dat
c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\gsgyces_navps.dat
C:\installo.exe
c:\programmi\GooglePlusVideos
c:\programmi\GooglePlusVideos\16.GooglePlusVideos.dll
c:\programmi\GooglePlusVideos\DeploymentHelper.exe
c:\programmi\GooglePlusVideos\FFExt\chrome.manifest
c:\programmi\GooglePlusVideos\FFExt\chrome\content\googleplusvideos.xul
c:\programmi\GooglePlusVideos\FFExt\chrome\content\script-injector.js
c:\programmi\GooglePlusVideos\FFExt\install.rdf
c:\programmi\GooglePlusVideos\GooglePlusVideosLicense.txt
c:\programmi\GooglePlusVideos\GVConfig.ini
c:\programmi\GooglePlusVideos\MFC42U.DLL
c:\programmi\GooglePlusVideos\Uninstall.bat
c:\programmi\WinPCap
c:\programmi\WinPCap\rpcapd.exe
c:\windows\Installer\655740.msi
c:\windows\Installer\b268fe.msi
c:\windows\system32\axrtdmix.ini
c:\windows\system32\bkyweiff.ini
c:\windows\system32\cbxoxsca.ini
c:\windows\system32\ddyqufrs.ini
c:\windows\system32\drivers\npf.sys
c:\windows\system32\dyqowfdj.ini
c:\windows\system32\fawidbja.ini
c:\windows\system32\iiuhffhi.ini
c:\windows\system32\ioaithxu.ini
c:\windows\system32\jomersrk.ini
c:\windows\system32\jrbksfba.ini
c:\windows\system32\koopggcc.ini
c:\windows\system32\kqpnqfok.ini
c:\windows\system32\lxsanoup.ini
c:\windows\system32\mmppAcdd.ini
c:\windows\system32\mmppAcdd.ini2
c:\windows\system32\mthuqpif.ini
c:\windows\system32\Packet.dll
c:\windows\system32\picupshp.ini
c:\windows\system32\pthreadVC.dll
c:\windows\system32\qjsbdosf.ini
c:\windows\system32\qtubsttc.ini
c:\windows\system32\sglaqeug.ini
c:\windows\system32\smuxtlff.ini
c:\windows\system32\tydgtlgk.ini
c:\windows\system32\ucbtdecm.ini
c:\windows\system32\vopljijn.ini
c:\windows\system32\vtfnmyvk.ini
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\jzosjink.job

.
((((((((((((((((((((((((((((((((((((((( Driver/Servizi )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Creati Da 2009-06-21 al 2009-07-21 )))))))))))))))))))))))))))))))))))
.

2009-07-21 17:46 . 2009-07-21 17:46 60416 ----a-w- c:\temp\Perflib_Perfdata__755.dat
2009-07-21 15:51 . 2009-07-21 15:51 -------- d-----w- c:\temp\plugtmp-1
2009-07-20 18:25 . 2009-07-20 18:25 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Malwarebytes
2009-07-20 18:25 . 2009-07-13 11:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 18:25 . 2009-07-20 18:25 -------- d-----w- c:\programmi\Malwarebytes' Anti-Malware
2009-07-20 18:25 . 2009-07-20 18:25 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Malwarebytes
2009-07-20 18:25 . 2009-07-13 11:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-20 16:48 . 2009-07-20 17:00 -------- d-----w- c:\temp\plugtmp
2009-07-13 09:13 . 2009-07-13 09:13 -------- d-----w- c:\temp\MessengerCache
2009-07-11 14:52 . 2009-07-11 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-07-11 14:52 . 2009-07-11 14:52 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-07-11 14:52 . 2009-07-11 14:52 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-11 14:52 . 2009-07-11 14:52 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-07-11 14:52 . 2009-07-21 15:45 -------- d-----w- c:\windows\system32\drivers\Avg
2009-07-11 14:52 . 2009-07-21 17:36 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\avg8
2009-07-11 14:52 . 2009-07-11 14:52 -------- d-----w- c:\programmi\AVG
2009-07-11 14:47 . 2009-07-11 14:47 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\AVG8
2009-07-11 14:40 . 2009-07-21 17:45 -------- d-----w- c:\temp\ISSCAN
2009-07-11 14:38 . 2009-07-11 14:47 -------- d-----w- c:\programmi\File comuni\Panda Security
2009-06-28 12:09 . 2009-06-28 12:12 -------- d-----w- C:\Downloads

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-21 17:50 . 2008-10-20 16:23 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Skype
2009-07-21 15:44 . 2008-10-20 16:24 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\skypePM
2009-07-13 16:10 . 2008-10-08 15:58 -------- d-----w- c:\programmi\Intel
2009-07-13 16:08 . 2006-04-10 12:00 84900 ----a-w- c:\windows\system32\perfc010.dat
2009-07-13 16:08 . 2006-04-10 12:00 490302 ----a-w- c:\windows\system32\perfh010.dat
2009-07-13 09:58 . 2008-10-08 16:11 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2009-07-12 08:25 . 2008-10-08 16:11 -------- d-----w- c:\programmi\Spybot - Search & Destroy
2009-07-11 14:41 . 2008-10-08 16:14 -------- d--h--w- c:\programmi\InstallShield Installation Information
2009-07-06 15:46 . 2009-05-17 09:36 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\U3
2009-07-02 18:20 . 2008-10-11 11:10 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\uTorrent
2009-07-02 16:55 . 2008-10-11 12:13 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Nokia
2009-06-18 18:38 . 2008-10-10 17:06 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\HP
2009-06-14 18:28 . 2009-06-14 18:28 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Games-Attack
2009-06-14 08:50 . 2008-12-26 11:33 -------- d-----w- c:\programmi\Microsoft ActiveSync
2009-06-13 15:54 . 2009-02-14 09:33 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\Image Zone Express
2009-06-09 18:41 . 2009-06-09 18:39 -------- d-----w- c:\documents and settings\Proprietario\Dati applicazioni\mIRC
2009-06-08 18:47 . 2009-06-08 18:47 110864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\t\type_3reelnormal1_2.6d58a1bcaf1d9165fa0b77fa9598b623.dll
2009-06-08 18:12 . 2009-06-08 18:12 421888 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\l\lua51host.65f8dee3181dee3bfc68ab23c9f2782b.dll
2009-06-08 18:12 . 2009-06-08 18:12 225280 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\m\myslot.14d73c530d6c095843c7fbfb86364c4e.dll
2009-06-08 18:04 . 2009-06-08 18:04 114960 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\t\type_5reelnormal3_4_5.07db0a5618a0565d7bde7a2766c54711.dll
2009-06-08 18:04 . 2009-06-08 18:04 213264 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\g\gamble2.9d7f0f3cf78a68d28fc5a3e77fdc77da.dll
2009-06-08 18:04 . 2009-06-08 18:04 176400 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\g\gamble.212eaf21a4805f8521d0d0c57b6a933b.dll
2009-06-08 18:04 . 2009-06-08 18:04 86016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\g\gambleplugin.c4d8c6f5542066f894b7f2e575038afb.dll
2009-06-08 18:04 . 2009-06-08 18:04 307472 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\g\gamble2_tggg.436ea9e59e2a2b9a2106e598920cba26.dll
2009-06-08 18:04 . 2009-06-08 18:04 221456 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\g\gamble2_temp.5a22e38498bf34a124cc458bf6408ad3.dll
2009-06-08 18:04 . 2009-06-08 18:04 602112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\g\gamble2_flightzone.d149c5c0a243e45a82d87b40855052ab.dll
2009-06-08 18:04 . 2009-06-08 18:04 204905 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\t\thunderstruck.0cc1be68d215832fa06fc779c0b3e069.dll
2009-06-08 18:02 . 2009-06-08 18:02 213264 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\c\choosebonus.df815bbfb8ae7a29a353f0ae65e4af17.dll
2009-06-08 18:00 . 2009-06-08 18:00 323856 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\h\hitmancontractbonus.339a969d902930975b3194643e289fc9.dll
2009-06-08 18:00 . 2009-06-08 18:00 367747 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\m\mptleaderboard.91fac472d1ff352976950258719d35a2.dll
2009-06-08 18:00 . 2009-06-08 18:00 327784 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\m\mpvtabletournamentlobby.fea1be7b63b308e9fdb6e8d4bd356052.dll
2009-06-08 17:59 . 2009-06-08 17:59 303204 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\m\mpvblackjackplugin.49e5f42fbdf0e1e2df5232e5ea419897.dll
2009-06-08 17:59 . 2009-06-08 17:59 311398 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\m\mpvblackjacktourxxx.e4ccb563efd75763602af7373fbd8cec.dll
2009-06-08 17:58 . 2009-06-08 17:58 45056 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\e\euroblackjackstrategy.9c188ef9cd6c03e5b4bd398d23041cd2.dll
2009-06-08 17:58 . 2009-06-08 17:58 229483 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\e\euroblackjack.6c6f541acc24f3244c0a64fa851edca8.dll
2009-06-08 17:58 . 2009-06-08 17:58 376832 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\e\europeanblackjack.cb403a5bad6b43e2910d2e09c35c47ed.dll
2009-06-08 17:57 . 2009-06-08 17:57 262416 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\t\transition_temp.c6aaf42b66fa6688c8ea18a671984287.dll
2009-06-08 17:57 . 2009-06-08 17:57 909584 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1_temp.05f0b16a67acb189be99508aa088d348.dll
2009-06-08 17:57 . 2009-06-08 17:57 45328 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\x\xmlparserplugin.57e9fd94cbd592ad475a3ca59462730f.dll
2009-06-08 17:57 . 2009-06-08 17:57 1216512 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1xxx_flightzone.a761e5b6d3a2ea66d5501258ee2ed22b.dll
2009-06-08 17:56 . 2009-06-08 17:56 663824 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1xxx.53bb68e70e798b2ecdf8b9f3b7384e99.dll
2009-06-08 17:56 . 2009-06-08 17:56 1249399 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1xxx_tggg.a33335318f7b89139ecd4652b6e8c4b9.dll
2009-06-08 17:56 . 2009-06-08 17:56 499984 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\s\simplepickxofybonus.4968e33b858e6c30beb0ac4b11a9c459.dll
2009-06-08 17:56 . 2009-06-08 17:56 151552 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\p\progressive.8fe1347dac5a6804834d35e86c789f9a.dll
2009-06-08 17:56 . 2009-06-08 17:56 159744 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\p\progressive_temp.979c9e04248bf52052c2caf1e627d86b.dll
2009-06-08 17:56 . 2009-06-08 17:56 131072 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\r\rouletteroyale.78fbb4e6860f34eb015928fa5c78c605.dll
2009-06-08 17:56 . 2009-06-08 17:56 114688 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\e\euroroulette.fa2b524975a5d8bbc30203d094e2b084.dll
2009-06-08 17:55 . 2009-06-08 17:55 1032192 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\s\simplepickxofybonus_flightzone.4d281f29a7152da50722695b99821fe6.dll
2009-06-08 17:55 . 2009-06-08 17:55 655360 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\t\transition_flightzone.2d8aa10da872f1ac4a34a2122bf3c4b2.dll
2009-06-08 17:55 . 2009-06-08 17:55 672016 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1xxx_temp.20587ea0b10b8a6428639d5dfe4fb9c2.dll
2009-06-08 17:55 . 2009-06-08 17:55 266512 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\t\transition_tggg.399218aff849d2e187d4554dd62a73b6.dll
2009-06-08 17:55 . 2009-06-08 17:55 643344 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1xxx_temp2.42ac279a5f1c55ac224683685ec4fc49.dll
2009-06-08 17:54 . 2009-06-08 17:54 508176 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\s\simplepickxofybonus_temp.556fffdfd1bc700038c0a1370a1eb004.dll
2009-06-08 17:54 . 2009-06-08 17:54 1904753 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1_tggg.6e62948f458013fa99694cc031068e8a.dll
2009-06-08 17:54 . 2009-06-08 17:54 829840 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\m\mptadvancedslots.039a84427e76ab4e1715f80765a76305.dll
2009-06-08 17:54 . 2009-06-08 17:54 122880 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\x\xmlparserplugin_mt.7619c07631f1fc927d66a473e3f53a46.dll
2009-06-08 17:54 . 2009-06-08 17:54 254224 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\t\transition.26c3e2ce55c7cca8b63e5e8d7b4627e4.dll
2009-06-08 17:53 . 2009-06-08 17:53 823568 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1_temp2.198f2a88c7f89c1d0b1ded39e546e22b.dll
2009-06-08 17:53 . 2009-06-08 17:53 823568 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1.d6634c03808be76623e7497fcb1eb424.dll
2009-06-08 17:53 . 2009-06-08 17:53 944033 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\m\mpvslotxxx.e5675e7198cee47ae84db3a4020d9441.dll
2009-06-08 17:53 . 2009-06-08 17:53 1626112 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\a\advancedslots1_flightzone.40d3a7b3fae72091b79e1759db110c70.dll
2009-06-08 17:53 . 2009-06-08 17:53 524560 ----a-w- c:\documents and settings\All Users\Dati applicazioni\MGS\cache\s\simplepickxofybonus_tggg.f8ba0ccac248b6026b2705996790640a.dll
2009-06-08 17:53 . 2009-06-08 17:46 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\MGS
2009-06-01 13:09 . 2008-12-07 09:53 -------- d-----w- c:\documents and settings\All Users\Dati applicazioni\Installations
2009-06-01 13:09 . 2008-10-11 12:05 -------- d-----w- c:\programmi\Nokia
2009-06-01 13:08 . 2008-12-07 09:57 -------- d-----w- c:\programmi\File comuni\Nokia
2009-06-01 13:08 . 2009-06-01 13:08 3351812 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\msxml6Exec.exe
2009-06-01 13:08 . 2009-06-01 13:08 36864 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\Sleep.exe
2009-06-01 13:08 . 2009-06-01 13:08 3181612 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\Installer\CommonCustomActions\vcredistExec.exe
2009-06-01 13:07 . 2009-06-01 13:08 24384200 ----a-w- c:\documents and settings\All Users\Dati applicazioni\Installations\{9F59C3AE-81B0-4EF6-9762-D674BB079705}\NokiaSoftwareUpdaterSetup_it(2).exe
2009-05-19 19:52 . 2009-05-19 19:52 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-17 10:13 . 2008-10-08 14:16 18048 ----a-w- c:\documents and settings\Proprietario\Impostazioni locali\Dati applicazioni\GDIPFONTCACHEV1.DAT
2009-05-07 15:32 . 2008-04-13 17:13 347648 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 20:13 . 2009-05-06 20:13 49152 ----a-r- c:\windows\system32\inetwh32.dll
2009-05-06 20:13 . 2009-05-06 20:13 1044480 ----a-r- c:\windows\system32\roboex32.dll
2009-04-29 04:45 . 2008-09-26 08:51 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:44 . 2008-09-26 08:50 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-13 11:46 . 2008-10-10 17:23 134648 ----a-w- c:\programmi\mozilla firefox\components\brwsrcmp.dll
2009-01-25 12:57 . 2009-01-25 12:57 28672 ----a-w- c:\programmi\mozilla firefox\components\GooglePlusVideosXPCOM.dll
.

------- Sigcheck -------

[-] 2008-11-11 16:24 510464 90F406811EE1EEE294792D00E21CA16C c:\windows\system32\winlogon.exe

[-] 2008-09-26 08:52 1571840 3316C8A8EC07A9D4C0BE10310809A9E5 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"SpybotSD TeaTimer"="c:\programmi\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"msnmsgr"="c:\programmi\Windows Live\Messenger\MsnMsgr.Exe" [2009-02-06 3885408]
"Nokia.PCSync"="c:\programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"PC Suite Tray"="c:\programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-08-11 1124352]
"CTSyncU.exe"="c:\programmi\Creative\Sync Manager Unicode\CTSyncU.exe" [2006-08-07 700416]
"Skype"="c:\programmi\Skype\\Phone\Skype.exe" [2009-05-26 24264488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-04-17 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-04-17 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-04-17 141848]
"HP Software Update"="c:\programmi\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Motive SmartBridge"="c:\progra~1\ALICET~1\SMARTB~1\MotiveSB.exe" [2006-04-21 438359]
"fssui"="c:\programmi\Windows Live\Family Safety\fsui.exe" [2009-02-06 454000]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-07-11 1948440]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-05-07 16862208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]
"_nltide_1"="md" [X]
"_nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2009-04-29 124928]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - c:\programmi\Alice ti aiuta\bin\matcli.exe [2008-10-10 217088]
BTTray.lnk - c:\programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-4-1 568176]
HP Digital Imaging Monitor.lnk - c:\programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-07-11 14:52 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Programmi\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"c:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"c:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programmi\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgemc.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"c:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Programmi\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"53:UDP"= 53:UDP:Promo

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [11/07/2009 16.52.53 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [11/07/2009 16.52.58 108552]
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054};c:\programmi\CyberLink\PowerDVD8\000.fcl [01/02/2008 17.24.04 41456]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [11/07/2009 16.52.32 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [11/07/2009 16.52.32 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [20/12/2008 13.35.00 55152]
R2 fsssvc;Windows Live Family Safety;c:\programmi\Windows Live\Family Safety\fsssvc.exe [06/02/2009 19.08.58 533360]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [28/02/2007 18.12.12 208896]
R3 dfmirage;dfmirage;c:\windows\system32\drivers\dfmirage.sys [25/11/2005 17.43.48 31896]
S2 PskSvcRetailInst;PskSvcRetailInst;c:\temp\ISSCAN\PskSvc.exe --> c:\temp\ISSCAN\PskSvc.exe [?]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [01/06/2009 15.09.13 136704]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [01/06/2009 15.09.14 8320]
.
Contenuto della cartella 'Scheduled Tasks'

2009-07-21 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-07-21 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 15:04]

2009-07-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-09 20:18]
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{08EF10CD-9170-4F7C-A40B-0D78F7B3D57F} - (no file)
BHO-{0EE5DE70-B67C-4EF5-90F3-F1F5508FC464} - (no file)
BHO-{1508D5B3-B8DF-443C-9F61-B10DED27607B} - (no file)
BHO-{17371C2E-A087-408E-8753-F2D0CC76A056} - c:\windows\system32\ddcAppmm.dll
BHO-{35F3BE6D-8816-4123-93E6-33BC5FEF169D} - (no file)
BHO-{38AA74C4-2198-4632-ACB4-F18D812A9007} - (no file)
BHO-{3F5BD97D-5CC2-4CBF-8250-C50B8766F43A} - (no file)
BHO-{4925F8D2-E4E9-4E29-8629-ECB7E5B53298} - (no file)
BHO-{565229B2-9B76-417C-AB28-029E47C62037} - (no file)
BHO-{58CB7742-1EDE-4192-8743-0400843BDD58} - (no file)
BHO-{58E4BF3C-7B32-4634-A4D6-C2E1EFC199F5} - (no file)
BHO-{5CF3467C-19AF-4E01-83AB-5CB238ACFDF9} - (no file)
BHO-{64A25F87-98CF-4D9F-83A8-E873484D3D25} - (no file)
BHO-{70B3402C-DA8F-429C-9A5A-7AF4EDC00DF0} - (no file)
BHO-{75DFFA52-32FA-4316-A3A7-4387D8B69A86} - (no file)
BHO-{76E67D37-BB06-414B-9D76-C4F4B6EBA9E3} - (no file)
BHO-{83EC247B-9CB2-4577-B651-AE653B4C4806} - (no file)
BHO-{88CEFBF2-7A2E-433C-BB63-2E7642FAF429} - (no file)
BHO-{9567473C-56CB-4995-95A6-BE546DE637E2} - (no file)
BHO-{98459F1B-A3B9-4712-9FC5-55B83F7A757D} - (no file)
BHO-{A72FB51D-1BB9-4D5B-800D-5D7851DA1453} - (no file)
BHO-{ACDE040D-4A42-4089-A36C-96F213AD7C53} - (no file)
BHO-{B4798D4C-9584-49EE-A57C-8633D02579D8} - (no file)
BHO-{C8CD2017-F1E5-4F1A-B58A-EE0B1AF0D0D8} - (no file)
BHO-{C94AA6DE-8954-4BA6-92DB-8466BAC9D2B2} - (no file)
BHO-{D7C9ABE3-A146-412D-B4FC-9423F9E76101} - (no file)
BHO-{E03BA089-5D3D-4530-AB90-293577731B99} - (no file)
BHO-{E281CF7B-4500-4F2A-80DA-3224E57FEBA8} - (no file)
BHO-{F26CCBD4-FECC-4886-9A38-6DF690ED923F} - (no file)
BHO-{FA3374F5-3779-4475-BDF4-7932AFC8D358} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
HKCU-Run-Vidalia - c:\programmi\Vidalia Bundle\Vidalia\vidalia.exe
HKLM-Run-NBKeyScan - c:\programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
HKLM-Run-5ca89bd3 - c:\windows\system32\puonasxl.dll
HKLM-Run-NWEReboot - (no file)
Notify-nnnnNDvt - nnnnNDvt.dll


.
------- Scansione supplementare -------
.
uStart Page = hxxp://google.mini16.com
mStart Page = hxxp://home.sweetim.com
uInternet Settings,ProxyOverride = 127.0.0.1
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Invia a periferica &Bluetooth... - c:\programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Proprietario\Dati applicazioni\Mozilla\Firefox\Profiles\1iv2galz.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://it.yahoo.com/
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com/?loc=ff_ ... ar&search=
FF - component: c:\programmi\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\programmi\Mozilla Firefox\components\GooglePlusVideosXPCOM.dll
FF - component: c:\programmi\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
FF - plugin: c:\programmi\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\programmi\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-21 19:48
Windows 5.1.2600 Service Pack 3 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}]
"ImagePath"="\??\c:\programmi\CyberLink\PowerDVD8\000.fcl"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*]
"0140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'explorer.exe'(3252)
c:\progra~1\ALICET~1\SMARTB~1\SBHook.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\programmi\Nokia\Nokia PC Suite 7\phonebrowser.dll
c:\programmi\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\programmi\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_ita.nlr
c:\programmi\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Altri processi in esecuzione ------------------------
.
c:\programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\CTSVCCDA.EXE
c:\programmi\Java\jre6\bin\jqs.exe
c:\programmi\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programmi\AVG\AVG8\avgcsrvx.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\wmiapsrv.exe
c:\programmi\Skype\Phone\Skype.exe
c:\programmi\Alice ti aiuta\bin\mpbtn.exe
c:\programmi\PC Connectivity Solution\ServiceLayer.exe
c:\programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
c:\programmi\HP\Digital Imaging\bin\hpqste08.exe
c:\programmi\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Ora fine scansione: 2009-07-21 19.52.02 - Il pc è stato riavviato
ComboFix-quarantined-files.txt 2009-07-21 17:51

Pre-Run: 112.565.039.104 byte disponibili
Post-Run: 113.529.049.088 byte disponibili

WindowsXP-KB310994-SP2-Pro-BootDisk-ITA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

389 --- E O F --- 2009-06-10 17:32

Malwarebytes' result, first scan

Malwarebytes' Anti-Malware 1.39
Versione del database: 2467
Windows 5.1.2600 Service Pack 3

21/07/2009 18.56.51
mbam-log-2009-07-21 (18-56-47).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 86911
Tempo trascorso: 6 minute(s), 48 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 2
Chiavi di registro infette: 41
Valori di registro infetti: 9
Elementi dato del registro infetti: 6
Cartelle infette: 1
File infetti: 10

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
C:\Programmi\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Programmi\GooglePlusVideos\16.GooglePlusVideos.dll (Hijack.Search) -> No action taken.

Chiavi di registro infette:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{76c85209-cb0c-416e-8c43-7ce71db012f8} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{76c85209-cb0c-416e-8c43-7ce71db012f8} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e3cfdfe-79c8-4225-81b9-20fc99da6972} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{40196867-19f8-7157-c097-ecaff653c9ad} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{90b8b761-df2b-48ac-bbe0-bcc03a819b3b} (Adware.Zango) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18ea9-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Cognac (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\contim (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\ColdWare (Malware.Trace) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5ca89bd3 (Trojan.Vundo.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\soaiy (Trojan.Agent.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mkkgq (Trojan.Agent.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\seoyk (Trojan.Agent.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ekgis (Trojan.Agent.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kusai (Trojan.Agent.H) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\aeugy (Trojan.Agent.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network\UID (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> No action taken.

Elementi dato del registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: c:\windows\system32\twex.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Backdoor.Bot) -> Data: system32\twex.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,) Good: (Userinit.exe) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Cartelle infette:
C:\WINDOWS\system32\twain32 (Backdoor.Bot) -> No action taken.

File infetti:
C:\WINDOWS\system32\fvikok.dll (Trojan.Vundo.H) -> No action taken.
C:\Programmi\Windows Live\Messenger\msimg32.dll (Adware.MyWebSearch) -> No action taken.
C:\Programmi\GooglePlusVideos\16.GooglePlusVideos.dll (Hijack.Search) -> No action taken.
c:\windows\system32\twex.exe (Backdoor.Bot) -> No action taken.
c:\hypfesd.exe (Backdoor.Bot) -> No action taken.
c:\rots.exe (Backdoor.Bot) -> No action taken.
c:\windows\system32\twain32\local.ds (Backdoor.Bot) -> No action taken.
c:\windows\system32\twain32\user.ds (Backdoor.Bot) -> No action taken.
c:\WINDOWS\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\Tasks\{783AF354-B514-42d6-970E-3E8BF0A5279C}.job (Trojan.Downloader) -> No action taken.

Second Malwarebytes' scan result, after removing what I knew about

Malwarebytes' Anti-Malware 1.39
Versione del database: 2467
Windows 5.1.2600 Service Pack 3

21/07/2009 19.08.21
log2

Tipo di scansione: Scansione rapida
Elementi scansionati: 86682
Tempo trascorso: 3 minute(s), 54 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 6
Valori di registro infetti: 1
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{1e3cfdfe-79c8-4225-81b9-20fc99da6972} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c8cd2017-f1e5-4f1a-b58a-ee0b1af0d0d8} (Hijack.Search) -> No action taken.
HKEY_CLASSES_ROOT\googleplusvideos.bhobridge.1 (Hijack.Search) -> No action taken.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5ca89bd3 (Trojan.Vundo.H) -> No action taken.

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\Programmi\GooglePlusVideos\16.GooglePlusVideos.dll (Hijack.Search) -> No action taken.

HijackThis result after ComboFix

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.43.41, on 21/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\Skype\Phone\Skype.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Proprietario\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini16.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_1] cmd /c md "C:\Temp" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O17 - HKLM\System\CS2\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PskSvcRetailInst - Unknown owner - C:\Temp\ISSCAN\PskSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 9525 bytes
and that's it
jimmy83
Junior User
Posts: 20
Joined: 20/07/09 18:05

Re: new MSN virus ( help )

Posted by shel » 21/07/09 20:11

you've made a jumble that's hard to make sense of

you should have kept the logs separate, but what's done is done, let's leave it as it is

restart Malwarebytes and delete everything

download navilog1.exe by il mafioso onto the desktop and install it.

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

Restart the computer in Safe Mode: when the PC starts, before Windows begins to load, press F8 repeatedly. The Windows Advanced Options menu will appear => choose Safe Mode (use the arrow key ^).
Run Navilog1, choose option 2 (Automatic Cleaning) and click OK (it will clean the infected files it found)
When it finishes, restart the PC in Normal Mode

Post the log it produces; you'll find it in C:\ as fixnavi.txt
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

Re: new MSN virus ( help )

Posted by jimmy83 » 22/07/09 19:40

Hi, Navilog1 didn't leave me the log, that is, it showed it to me but didn't save it. Anyway, I repeated the procedure and saved the log:

Fix Navipromo version 4.0.1 began on 22/07/2009 20.28.15,17

!!! Warning, this report may include legitimate files/programs!!!
!!! Post this report on the forum you are being helped !!!

Fix running from C:\Programmi\navilog1

Updated on 18.07.2009 at 11h00 by IL-MAFIOSO

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : Intel(R) Pentium(R) Dual CPU E2160 @ 1.80GHz )
BIOS : Default System BIOS
USER : Proprietario ( Administrator )
BOOT : Fail-safe boot

Antivirus : AVG Anti-Virus Free 8.5 (Activated)


A:\ (USB)
C:\ (Local Disk) - NTFS - Total:116 Go (Free:105 Go)
D:\ (CD or DVD)


Search done in safe mode


No Infection Navipromo/Egdaccess Found



*** Scan completed 22/07/2009 20.29.15,50 ***
jimmy83
Junior User
Posts: 20
Joined: 20/07/09 18:05

Re: new MSN virus ( help )

Posted by shel » 23/07/09 11:09

do this check

go to Control Panel\Tools\Internet Options\"Content" tab and look for these certificates

Electronic-Group certificate
OOO-Favorit certificate

if you see them, select them and remove (delete) them

can you tell me whether the PC still has problems?

you were full of infections
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

Re: new MSN virus ( help )

Posted by jimmy83 » 23/07/09 17:58

Hi, for now the PC... or rather, with Messenger I no longer have this kind of problem, and the PC is much faster; around 9 pm I'll give you an update, since I've asked a few of my MSN contacts to act as guinea pigs and let me know if they still get links "from me".
Thank you for your help!
jimmy83
Junior User
Posts: 20
Joined: 20/07/09 18:05

Re: new MSN virus ( help )

Posted by shel » 23/07/09 18:57

check whether you have the certificates I pointed out in the previous post and post me a new HJT log
shel
Senior User
Posts: 1326
Joined: 29/08/08 21:56

Re: new MSN virus ( help )

Posted by jimmy83 » 23/07/09 19:55

I don't have the certificates you mentioned
here's the log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.53.56, on 23/07/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Windows Live\Family Safety\fsssvc.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
C:\Programmi\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
C:\Programmi\Windows Live\Family Safety\fsui.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe
C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\File comuni\Nokia\MPAPI\MPAPI3s.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\Windows Live\Contacts\wlcomm.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
E:\eMule\emule.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Proprietario\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.mini16.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {08EF10CD-9170-4F7C-A40B-0D78F7B3D57F} - (no file)
O2 - BHO: (no name) - {0EE5DE70-B67C-4EF5-90F3-F1F5508FC464} - (no file)
O2 - BHO: (no name) - {1508D5B3-B8DF-443C-9F61-B10DED27607B} - (no file)
O2 - BHO: (no name) - {17371C2E-A087-408E-8753-F2D0CC76A056} - (no file)
O2 - BHO: (no name) - {35F3BE6D-8816-4123-93E6-33BC5FEF169D} - (no file)
O2 - BHO: (no name) - {38AA74C4-2198-4632-ACB4-F18D812A9007} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {3F5BD97D-5CC2-4CBF-8250-C50B8766F43A} - (no file)
O2 - BHO: (no name) - {4925F8D2-E4E9-4E29-8629-ECB7E5B53298} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {565229B2-9B76-417C-AB28-029E47C62037} - (no file)
O2 - BHO: (no name) - {58CB7742-1EDE-4192-8743-0400843BDD58} - (no file)
O2 - BHO: (no name) - {58E4BF3C-7B32-4634-A4D6-C2E1EFC199F5} - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: (no name) - {5CF3467C-19AF-4E01-83AB-5CB238ACFDF9} - (no file)
O2 - BHO: (no name) - {64A25F87-98CF-4D9F-83A8-E873484D3D25} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programmi\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: (no name) - {70B3402C-DA8F-429C-9A5A-7AF4EDC00DF0} - (no file)
O2 - BHO: (no name) - {75DFFA52-32FA-4316-A3A7-4387D8B69A86} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {76E67D37-BB06-414B-9D76-C4F4B6EBA9E3} - (no file)
O2 - BHO: (no name) - {83EC247B-9CB2-4577-B651-AE653B4C4806} - (no file)
O2 - BHO: (no name) - {88CEFBF2-7A2E-433C-BB63-2E7642FAF429} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9567473C-56CB-4995-95A6-BE546DE637E2} - (no file)
O2 - BHO: (no name) - {98459F1B-A3B9-4712-9FC5-55B83F7A757D} - (no file)
O2 - BHO: (no name) - {A72FB51D-1BB9-4D5B-800D-5D7851DA1453} - (no file)
O2 - BHO: (no name) - {ACDE040D-4A42-4089-A36C-96F213AD7C53} - (no file)
O2 - BHO: (no name) - {B4798D4C-9584-49EE-A57C-8633D02579D8} - (no file)
O2 - BHO: (no name) - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - (no file)
O2 - BHO: (no name) - {C94AA6DE-8954-4BA6-92DB-8466BAC9D2B2} - (no file)
O2 - BHO: (no name) - {D7C9ABE3-A146-412D-B4FC-9423F9E76101} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E03BA089-5D3D-4530-AB90-293577731B99} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O2 - BHO: (no name) - {E281CF7B-4500-4F2A-80DA-3224E57FEBA8} - (no file)
O2 - BHO: (no name) - {F26CCBD4-FECC-4886-9A38-6DF690ED923F} - (no file)
O2 - BHO: (no name) - {FA3374F5-3779-4475-BDF4-7932AFC8D358} - (no file)
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programmi\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fsui.exe" -autorun
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [5ca89bd3] rundll32.exe "C:\WINDOWS\system32\puonasxl.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Programmi\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [Skype] "C:\Programmi\Skype\\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_1] cmd /c md "C:\Temp" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O17 - HKLM\System\CS1\Services\Tcpip\..\{2A51E23A-3862-41B3-866C-194F9F68C6A5}: NameServer = 85.37.17.43 85.38.28.96
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Programmi\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PskSvcRetailInst - Unknown owner - C:\Temp\ISSCAN\PskSvc.exe (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

--
End of file - 11711 bytes
jimmy83
Junior Member

Posts: 20
Joined: 20/07/09 18:05

Re: new MSN virus (help)

Post by shel » 23/07/09 20:10

Enable the display of hidden files (open any folder, go to Tools --> Folder Options --> View and tick Show hidden files and folders).


Delete the file I flagged in red:

C:\WINDOWS\system32\puonasxl.dll",b

Didn't you delete the O2 entries? Open HJT and fix them together with these two:

O4 - HKLM\..\Run: [5ca89bd3] rundll32.exe "C:\WINDOWS\system32\puonasxl.dll",b

O23 - Service: PskSvcRetailInst - Unknown owner - C:\Temp\ISSCAN\PskSvc.exe (file missing)



Go here =====> http://www.virustotal.com/it/ and analyse the file in red:

c:\temp\ISSCAN\PskSvc.exe
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56
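A defender-side triage helper for HijackThis logs like the one in this thread, added here as an example that is not part of the thread or of HijackThis itself. The sample input is the thread's own O4/O23 entries plus two benign lines from the posted log; the heuristics it applies (hex-looking Run value names, rundll32 loading an 8-letter system32 DLL through a one-letter export, services with an unknown owner, a missing binary, or a binary registered from a Temp directory) are assumptions of this example, not HijackThis rules.

```python
import re

# Constructed sample input: the two HijackThis entries the thread tells the poster
# to fix, plus two benign entries from the posted log for contrast.
SAMPLE_LOG = "\n".join([
    r'O4 - HKLM\..\Run: [5ca89bd3] rundll32.exe "C:\WINDOWS\system32\puonasxl.dll",b',
    r'O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll',
    r'O23 - Service: PskSvcRetailInst - Unknown owner - C:\Temp\ISSCAN\PskSvc.exe (file missing)',
    r'O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe',
])

# O4 = autostart entry (hive, value name, command); O23 = installed service.
O4_RE = re.compile(r'^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# Heuristics (assumptions of this example, not HijackThis rules): hex-looking value
# names, and rundll32 loading an 8-lowercase-letter DLL from system32 by a one-letter export.
HEX_NAME_RE = re.compile(r'^[0-9a-f]{6,}$', re.I)
RUNDLL_SYS32_RE = re.compile(
    r'rundll32\.exe\s+"?[A-Za-z]:\\WINDOWS\\system32\\[a-z]{8}\.dll"?,[A-Za-z]$', re.I)


def triage(log_text):
    """Return [(line, [reasons])] for O4/O23 entries that deserve a closer look."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        m = O4_RE.match(line)
        if m:
            if HEX_NAME_RE.match(m.group('name')):
                reasons.append('autostart value name is a random-looking hex string')
            if RUNDLL_SYS32_RE.search(m.group('cmd')):
                reasons.append('rundll32 loads a random-named system32 DLL via a one-letter export')
        m = O23_RE.match(line)
        if m:
            if m.group('owner').lower() == 'unknown owner':
                reasons.append('service has no known publisher')
            if '(file missing)' in m.group('path'):
                reasons.append('service binary is missing on disk (orphaned registration)')
            if re.search(r'\\temp\\', m.group('path'), re.I):
                reasons.append('service binary was registered from a Temp directory')
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == '__main__':
    for entry, why in triage(SAMPLE_LOG):
        print(entry)
        for reason in why:
            print('   ->', reason)
```

Run against a full log, the script only lists the O4/O23 lines that trip a heuristic; everything it flags still needs a human check (and, as the thread does, a VirusTotal lookup) before anything is fixed or deleted.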

Re: new MSN virus (help)

Post by jimmy83 » 24/07/09 05:30

I don't have the files in red that you wrote.
jimmy83
Junior Member

Posts: 20
Joined: 20/07/09 18:05

Re: new MSN virus (help)

Post by shel » 24/07/09 08:17

Better that way.

Do a bit of housekeeping.

Download CCleaner:

http://www.filehippo.com/download_ccleaner/

1) to download the latest version, click at the top right under the green arrow
2) install it
3) click "Run Cleaner" and repeat the procedure twice


If you have nothing else, we can close the discussion here.
shel
Senior Member

Posts: 1326
Joined: 29/08/08 21:56

Re: new MSN virus (help)

Post by jimmy83 » 24/07/09 16:54

The computer is perfect now. Thanks a lot for your help.
jimmy83
Junior Member

Posts: 20
Joined: 20/07/09 18:05
