Dialer, assorted viruses


Post by zena » 22/12/08 22:04

Hi everyone,
I think I have a few small problems on my PC. First of all, as soon as I turn it on, after Windows finishes loading, a dial-up window appears on the desktop several times trying to connect me. After I close it, while I'm browsing it asks me to block a certain program called mdm, and every now and then my connection drops...
In the task manager I also always have a process called IEXPLORE.EXE running that "smells" a bit to me.
I'm posting the HijackThis log below, I hope it can be useful:

Logfile of HijackThis v1.99.1
Scan saved at 21.59.20, on 22/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5700.0006)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Programmi\D-Tools\daemon.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Java\jre6\bin\jusched.exe
C:\WINDOWS\vVX6000.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\Creative\Shared Files\CamTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\DOCUME~1\Fedo\DATIAP~1\MICROS~1\mqtgsvc.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Fedo\IMPOST~1\Temp\Rar$EX00.734\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/webhp?rls=ig
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=55245&clcid={SUB_CLCID}
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
F3 - REG:win.ini: load=C:\DOCUME~1\Fedo\DATIAP~1\MICROS~1\mqtgsvc.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Programmi\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [VX6000] C:\WINDOWS\vVX6000.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Creative WebCam Tray] C:\Programmi\Creative\Shared Files\CamTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Programmi\Nikon\PictureProject\NkbMonitor.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\programmi\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Fac ... oader5.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.com/s/ESD5/JSCDL/ ... 586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{716F82CC-0AC0-42FF-B946-16F4D35AC5F3}: NameServer = 85.37.17.13 85.38.28.81
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Programmi\Java\jre6\bin\jqs.exe" -service -config "C:\Programmi\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

Hoping you can give me a hand, thank you, goodbye and I wish you a merry Christmas.
Bye
zena
Junior Member

Posts: 80
Joined: 18/10/05 18:58


Re: Dialer, assorted viruses

Post by Luke57 » 23/12/08 08:53

Hi and best wishes, download combofix from here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
To run it, double-click Combofix.exe
A blue window will open.... Wait....
After a moment a notice will appear disclaiming the author from any problem linked to incorrect use of the tool.
At this point select 1, then ENTER to launch the scan..
Wait.....(do not do anything else during the scan; if the icons disappear from the desktop, that is completely normal)
A notice will tell you the operation has finished, and after a moment the log with the scan details will appear.
The log will be saved in C:\Combofix.txt
Attach it or paste it into a post
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Dialer, assorted viruses

Post by zena » 23/12/08 19:57

Hi, I did everything you suggested.
I have just one small problem now: I can't post the whole combofix log because it is extremely long and gives me problems, so I'm including only the beginning and the end. I hope that is enough; otherwise tell me and I'll try again to post it all:

ComboFix 08-12-23.01 - Fedo 2008-12-23 19.18.11.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.2047.1665 [GMT 1:00]
Eseguito da: c:\documents and settings\Fedo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

ATENÇÃO - ESTA MAQUINA NAO TEM A CONSOLE DE RECUPERAÇÃO INSTALADA !!
.

((((((((((((((((((((((((( Files Creati Da 2008-11-23 al 2008-12-23 )))))))))))))))))))))))))))))))))))
.

2008-12-22 21:42 . 2008-12-22 21:42 <DIR> d-------- c:\programmi\Camfrog
2008-12-21 15:05 . 2008-08-04 16:22 2,077,840 --a------ c:\windows\SYSTEM32\DRIVERS\VX6000Xp.sys
2008-12-21 15:05 . 2008-08-04 16:22 713,744 --a------ c:\windows\vVX6000.exe
2008-12-21 15:05 . 2008-08-04 16:22 566,288 --a------ c:\windows\SYSTEM32\LcProxy.ax
2008-12-21 15:05 . 2008-08-04 16:22 467,984 --a------ c:\windows\SYSTEM32\vVX6000.dll
2008-12-21 15:05 . 2008-08-04 16:22 189,456 --a------ c:\windows\SYSTEM32\cVX6000.dll
2008-12-21 15:05 . 2008-08-04 16:22 185,360 --a------ c:\windows\SYSTEM32\LCCoin20.dll
2008-12-21 15:05 . 2008-08-04 16:22 115,728 --a------ c:\windows\SYSTEM32\VX6000.dll
2008-12-21 15:05 . 2008-08-04 16:22 36,240 --a------ c:\windows\SYSTEM32\DRIVERS\VX6KCamd.sys
2008-12-21 15:05 . 2008-08-04 16:22 15,497 --a------ c:\windows\VX6KStd.ini
2008-12-21 15:05 . 2008-08-04 16:22 13,022 --a------ c:\windows\VX6000.src
2008-12-21 14:37 . 2008-12-21 14:37 <DIR> d-------- c:\windows\SYSTEM32\it-IT
2008-12-21 14:36 . 2008-12-21 14:36 <DIR> d-------- c:\programmi\MSBuild
2008-12-21 14:34 . 2008-12-21 14:34 <DIR> d-------- c:\windows\SYSTEM32\XPSViewer
2008-12-21 14:33 . 2008-12-21 14:33 <DIR> d-------- c:\programmi\Reference Assemblies
2008-12-21 14:33 . 2006-06-29 13:07 14,048 --------- c:\windows\SYSTEM32\spmsg2.dll
2008-12-14 21:00 . 2008-12-14 21:00 <DIR> d-------- c:\documents and settings\Fedo\Dati applicazioni\Leadertech
2008-12-14 20:54 . 2008-12-14 20:54 <DIR> d-------- c:\programmi\EA Games
2008-12-14 17:42 . 2008-12-14 17:42 <DIR> d-------- c:\documents and settings\All Users\Dati applicazioni\KONAMI
2008-12-14 17:40 . 2008-12-14 17:40 <DIR> d-------- c:\programmi\KONAMI
2008-12-11 21:37 . 2008-12-11 21:37 42,320 --a------ c:\windows\SYSTEM32\xfcodec.dll
2008-12-09 21:27 . 2008-12-09 21:27 <DIR> d-------- c:\windows\Sun
2008-12-09 21:27 . 2008-12-09 21:27 <DIR> d-------- c:\programmi\Java
2008-12-09 21:27 . 2008-12-09 21:27 410,984 --a------ c:\windows\SYSTEM32\deploytk.dll
2008-12-09 21:27 . 2008-12-09 21:27 73,728 --a------ c:\windows\SYSTEM32\javacpl.cpl
2008-11-23 18:36 . 2008-12-21 14:14 202,040 --a------ c:\windows\SYSTEM32\PnkBstrB.exe
2008-11-23 18:36 . 2008-12-21 14:15 137,688 --a------ c:\windows\SYSTEM32\DRIVERS\PnkBstrK.sys
2008-11-23 18:36 . 2008-12-21 14:15 66,872 --a------ c:\windows\SYSTEM32\PnkBstrA.exe
2008-11-23 14:55 . 2008-11-23 14:55 <DIR> d-------- c:\documents and settings\NetworkService\Dati applicazioni\Xfire
2008-11-23 14:53 . 2008-11-23 14:53 <DIR> d-------- c:\documents and settings\Fedo\Dati applicazioni\Xfire
2008-11-23 14:52 . 2008-11-23 14:53 <DIR> d-------- c:\programmi\Xfire

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 17:15 --------- d-----w c:\programmi\Smart Projects
2008-09-17 10:56 86,016 ----a-w c:\documents and settings\Fedo\Dati applicazioni\cmstp.exe
2007-07-04 10:28 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLec.DAT
2007-07-04 10:28 20 ---h--w c:\documents and settings\All Users\Dati applicazioni\PKP_DLds.DAT
2007-02-10 03:26 271 --sh--w c:\programmi\desktop.ini
2007-02-10 03:26 23,476 ---h--w c:\programmi\folder.htt
.

((((((((((((((((((((((((((((( snapshot@2008-08-26_ 7.35.41.62 )))))))))))))))))))))))))))))))))))))))))

...(body of the log, which is very long)...

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2006-04-21 94208]
"Creative WebCam Tray"="c:\programmi\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="c:\programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"DAEMON Tools-1033"="c:\programmi\D-Tools\daemon.exe" [2004-08-22 81920]
"AppleSyncNotifier"="c:\programmi\File comuni\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-07-22 116040]
"iTunesHelper"="c:\programmi\iTunes\iTunesHelper.exe" [2008-07-30 289064]
"QuickTime Task"="c:\programmi\QuickTime\qttask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\programmi\Java\jre6\bin\jusched.exe" [2008-12-09 136600]
"VX6000"="c:\windows\vVX6000.exe" [2008-08-04 713744]
"SMSERIAL"="sm56hlpr.exe" [2004-06-29 c:\windows\sm56hlpr.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-19 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\docume~1\Fedo\DATIAP~1\cmstp.exe" [2008-09-17 86016]

[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CmSTP"="c:\windows\System\cmstp.exe" [2008-09-17 86016]

[HKEY_USERS\.DEFAULT\software\microsoft\windows\Currentversion\policies\explorer\Run]
"Logman"="c:\docume~1\Fedo\DATIAP~1\MICROS~1\logman.exe" [2008-09-17 86016]

c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - c:\programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2007-03-02 113664]
NkbMonitor.exe.lnk - c:\programmi\Nikon\PictureProject\NkbMonitor.exe [2007-05-12 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=c:\windows\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^LG SyncManager.lnk]
path=c:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\LG SyncManager.lnk
backup=c:\windows\pss\LG SyncManager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-07-30 10:47 289064 c:\programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NSLauncher]
--a------ 2007-08-02 16:30 3096576 c:\programmi\Nokia\Nokia Software Launcher\NSLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 c:\programmi\QuickTime\QTTask.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Programmi\\Messenger\\msmsgs.exe"=
"c:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"c:\\Programmi\\MSN Messenger\\livecall.exe"=
"c:\\Programmi\\iDC++\\iDCPlusPlus.exe"=
"c:\\Programmi\\Windows Media Player\\WMPLAYER.EXE"=
"c:\\WINDOWS\\System32\\rtcshare.exe"=
"c:\\Programmi\\NetMeeting\\conf.exe"=
"c:\\Programmi\\eMule\\emule.exe"=
"c:\\Programmi\\EA Sports\\Tiger Woods PGA TOUR 08\\BIN\\TW2008.exe"=
"c:\\WINDOWS\\System32\\dpnsvr.exe"=
"c:\\Programmi\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"c:\\Programmi\\Hamachi\\hamachi.exe"=
"c:\\Programmi\\Bonjour\\mDNSResponder.exe"=
"c:\\Programmi\\iTunes\\iTunes.exe"=
"c:\\Programmi\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Programmi\\Xfire\\xfire.exe"=
"c:\\Programmi\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Programmi\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=

R0 mv614x;mv614x;c:\windows\system32\DRIVERS\mv614x.sys [2007-02-10 63232]
R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\DRIVERS\xfilt.sys [2007-02-10 11264]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\DRIVERS\atl01_xp.sys [2007-02-10 35712]
R3 V0330VID;WebCam Vista;c:\windows\system32\DRIVERS\V0330Vid.sys [2007-09-04 178913]
S3 Asushwio;Asushwio;\??\c:\windows\system32\drivers\Asushwio.sys [2007-02-10 5824]
S3 pwalker;Process Walker Driver;\??\c:\docume~1\Fedo\IMPOST~1\Temp\nsc3.tmp\pwalker.sys []
S3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\DRIVERS\VX6000Xp.sys [2008-12-21 2077840]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae42238a-9066-11dc-bc44-e7ba93ed0ee8}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{343798AF-F54F-CEC1-21D3-6344EBDA6E90}]
c:\windows\system32\wincool.exe s

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BA60DC3-4777-3BBA-83C4-F1FA84FD6B0D}]
c:\windows\system32\yt777777777.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{C5CD9787-54F4-6B5A-7054-5E50F28A8F48}]
c:\windows\crack\crack.exe s
.
Contenuto della cartella 'Scheduled Tasks'

2008-09-11 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programmi\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementare di scansione -------
.
uStart Page = hxxp://www.google.it/webhp?rls=ig
uInternet Settings,ProxyOverride = *.local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {716F82CC-0AC0-42FF-B946-16F4D35AC5F3} = 85.37.17.13 85.38.28.81

O16 -: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-23 19:19:26
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(772)
c:\windows\system32\Ati2evxx.dll
.
Ora fine scansione: 2008-12-23 19.19.50
ComboFix-quarantined-files.txt 2008-12-23 18:19:50

Pre-Run: 52.079.951.872 byte disponibili
Post-Run: 54,523,363,328 byte disponibili

10894



Thanks for the collaboration, awaiting instructions.
Thanks again, bye
zena
Junior Member

Posts: 80
Joined: 18/10/05 18:58
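As an added example (not code from this thread, from HijackThis or from ComboFix), the following Python script applies to log lines of the kind posted in the HijackThis and ComboFix outputs above the same heuristics a responder uses by eye: an autostart target inside a user profile or Temp folder, a Windows system binary name (cmstp.exe, logman.exe) loading from outside system32, a legacy win.ini load= entry, and a driver loading from Temp. The sample lines are constructed, modelled on entries in this thread; the heuristics flag entries for review, they do not decide that something is malicious.

```python
import re
from typing import List, Optional, Tuple

# Binaries that ship in %windir%\system32; the same file name anywhere else
# (a profile's Application Data, C:\WINDOWS\System, ...) deserves a look.
SYSTEM_BINARIES = {"cmstp.exe", "logman.exe", "ctfmon.exe", "svchost.exe", "lsass.exe"}

# Fragments of user-writable profile locations, in the 8.3 short form and the
# long form of an Italian-locale Windows XP, plus the English equivalents.
USER_WRITABLE = ("docume~1", "documents and settings", "datiap~1", "dati applicazioni",
                 "application data", "impost~1", "local settings", "\\temp\\")

# First drive-letter path ending in a loadable module on the line.
PATH_RE = re.compile(r"[a-z]:\\[^\"\[\]<>|]*?\.(?:exe|dll|sys|scr|com)\b", re.IGNORECASE)

# Constructed sample lines modelled on the HijackThis (O4/F3/S3 style) and
# ComboFix (REGEDIT4 style) entries quoted in this thread.
SAMPLE_LINES = r"""
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
F3 - REG:win.ini: load=C:\DOCUME~1\Fedo\DATIAP~1\MICROS~1\mqtgsvc.exe
"CmSTP"="c:\docume~1\Fedo\DATIAP~1\cmstp.exe" [2008-09-17 86016]
"Logman"="c:\docume~1\Fedo\DATIAP~1\MICROS~1\logman.exe" [2008-09-17 86016]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-19 15360]
S3 pwalker;Process Walker Driver;\??\c:\docume~1\Fedo\IMPOST~1\Temp\nsc3.tmp\pwalker.sys []
"""

def extract_path(line: str) -> Optional[str]:
    """Return the autostart target path on a log line, or None if there is none."""
    m = PATH_RE.search(line)
    return m.group(0) if m else None

def assess(line: str) -> List[str]:
    """Return the heuristic reasons to review this line (empty list = nothing odd)."""
    reasons: List[str] = []
    path = extract_path(line)
    if path is None:
        return reasons
    low = path.lower()
    name = low.rsplit("\\", 1)[-1]
    if line.lstrip().startswith("F3 ") and "win.ini" in line.lower():
        reasons.append("legacy win.ini load= autostart")
    if any(frag in low for frag in USER_WRITABLE):
        reasons.append("autostart target in a user-writable profile path")
    if name in SYSTEM_BINARIES and "\\system32\\" not in low:
        reasons.append(f"{name} normally lives in system32")
    if name.endswith(".sys") and "\\temp\\" in low:
        reasons.append("kernel driver loaded from a Temp folder")
    return reasons

def triage(log_text: str) -> List[Tuple[str, List[str]]]:
    """Scan a whole log and return (path, reasons) for every line worth a second look."""
    flagged = []
    for line in log_text.splitlines():
        reasons = assess(line)
        if reasons:
            flagged.append((extract_path(line), reasons))
    return flagged

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES):
        print(f"{path}\n    " + "\n    ".join(reasons))
```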

Re: Dialer, assorted viruses

Post by Luke57 » 23/12/08 21:43

Hi, download, install, update and run a complete scan with Malwarebytes
http://www.malwarebytes.org/mbam.php
attach the report in your reply (without removing what it found)
Luke57
Moderator

Posts: 6413
Joined: 11/08/05 19:10

Re: Dialer, assorted viruses

Post by zena » 23/12/08 22:27

Here is the report:

Malwarebytes' Anti-Malware 1.31
Versione del database: 1538
Windows 5.1.2600 Service Pack 2

23/12/2008 22.27.01
mbam-log-2008-12-23 (22-27-01).txt

Tipo di scansione: Scansione rapida
Elementi scansionati: 52882
Tempo trascorso: 2 minute(s), 11 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 1
Elementi dato del registro infetti: 1
Cartelle infette: 0
File infetti: 1

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\The Weather Channel (Adware.Hotbar) -> Quarantined and deleted successfully.

Valori di registro infetti:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\rhc1v6j0enn7 (Rogue.AntivirusXP2008) -> Quarantined and deleted successfully.

Elementi dato del registro infetti:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Data: c:\windows\comrepl.exe -> Quarantined and deleted successfully.

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
C:\WINDOWS\comrepl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
zena
Junior Member

Posts: 80
Joined: 18/10/05 18:58

