problem with a virus

How do I remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do I protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: kadosh, Luke57

Post by bob20 » 06/10/12 15:52

Hi. The PC I'm writing from (it's my brother's, not my usual one) is infected. The security programs don't start, or start only occasionally, in normal mode (fortunately they work in safe mode). The browsers also sometimes don't start, and when they do, clicking any link on Google redirects to porn sites or otherwise strange sites. Fortunately it is still possible to browse by typing directly into the address bar.
There is a program, System Progressive Protection, which I believe is actually the virus itself, or at least the origin of the problem. Yesterday afternoon, in fact, windows from this program started opening, reporting that viruses were present. This program shows as installed precisely since yesterday afternoon. Yesterday I fixed an HJT entry that was tied to it. Then I ran a scan with AVG, which found no infections, and one with AdwCleaner, which only worked from safe mode.

HJT log:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16.18.36, on 06/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Users\Giovanni\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Giovanni\AppData\Local\Temp\RtkBtMnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\cracoarjetu.dat,StartAs
O4 - HKCU\..\Run: [Google Update] "C:\Users\Giovanni\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\cracoarjetu.dat,StartAs (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6024 bytes


AdwCleaner log:
Code:
# AdwCleaner v2.003 - Logfile created 10/06/2012 at 16:13:20
# Updated 23/09/2012 by Xplode
# Operating system : Windows Vista (TM) Home Basic Service Pack 2 (32 bits)
# User : Giovanni - PC-GIOVANNI
# Boot Mode : Safe mode with networking
# Running from : C:\Users\Giovanni\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.19328

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (it)

Profile name : default
File : C:\Users\Giovanni\AppData\Roaming\Mozilla\Firefox\Profiles\d3q9cwvp.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v22.0.1229.79

File : C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1075 octets] - [06/10/2012 16:10:38]
AdwCleaner[R2].txt - [1136 octets] - [06/10/2012 16:12:32]
AdwCleaner[S1].txt - [1406 octets] - [06/10/2012 16:13:20]

########## EOF - C:\AdwCleaner[S1].txt - [1466 octets] ##########


Thanks in advance to whoever helps me
bob20
Senior User

Posts: 214
Joined: 31/03/05 21:06
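The O4 entries in this log are the security-relevant part: a Run value named after a legitimate Windows binary (ctfmon.exe) that actually launches rundll32.exe against a .dat file under the 8.3 path PROGRA~2, the same value planted under the Local Service account's hive, and a Startup shortcut whose visible target is bare rundll32.exe. Below is an added example (my code, not part of the original post and not a HijackThis feature) that encodes those checks as a small triage script and runs it over lines copied from the log above. The list of borrowed binary names and the reading of PROGRA~2 as C:\ProgramData on this machine are assumptions.

```python
import re
from pathlib import PureWindowsPath
from typing import List, Optional, Tuple

# Entries copied from the HijackThis log posted above (real lines from this thread, not
# constructed); the RtHDVCpl, AVG and Google Update lines serve as benign controls.
SAMPLE_HJT_LINES = r"""
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\cracoarjetu.dat,StartAs
O4 - HKCU\..\Run: [Google Update] "C:\Users\Giovanni\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\cracoarjetu.dat,StartAs (User 'SERVIZIO LOCALE')
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# Names of Windows binaries that malware likes to borrow for its Run-key value names.
# Assumed, non-exhaustive list; extend it for your environment.
SYSTEM_BINARY_NAMES = {"ctfmon.exe", "lsass.exe", "svchost.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

RUN_RE = re.compile(r"^O4 - (?P<hive>\S+\\Run): \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
STARTUP_RE = re.compile(r"^O4 - Startup: (?P<name>.+?) = (?P<cmd>.*)$")
USER_SUFFIX_RE = re.compile(r"\s*\(User '[^']*'\)$")  # HJT appends this to HKUS entries
RUNDLL_RE = re.compile(r"rundll32\.exe\s*(?P<args>.*)$", re.IGNORECASE)


def rundll32_module(cmd: str) -> Optional[str]:
    """Return the module path handed to rundll32.exe, or None if the command is not a rundll32 launch."""
    m = RUNDLL_RE.search(cmd)
    if not m:
        return None
    # rundll32 syntax is <module>,<entrypoint> [args]: the module is everything before the first comma
    return m["args"].split(",", 1)[0].strip().strip('"')


def check_run_entry(name: str, cmd: str) -> List[str]:
    """Reasons an HKLM/HKCU/HKUS Run value deserves a closer look (empty list = nothing odd)."""
    reasons = []
    cmd = USER_SUFFIX_RE.sub("", cmd)
    module = rundll32_module(cmd)
    if module is not None:
        ext = PureWindowsPath(module).suffix.lower()
        if ext != ".dll":
            reasons.append(f"rundll32 loads a module with a non-DLL extension ({ext or 'none'}): {module}")
        if "progra~2" in module.lower() or "programdata" in module.lower():
            # Assumption: PROGRA~2 is the 8.3 short name of C:\ProgramData on this 32-bit Vista box,
            # a directory standard users can write to.
            reasons.append(f"module lives under ProgramData, a user-writable location: {module}")
    if name.lower() in SYSTEM_BINARY_NAMES and name.lower() not in cmd.lower():
        reasons.append(f"value name '{name}' borrows a Windows binary name but the command never runs it")
    return reasons


def check_startup_entry(name: str, cmd: str) -> List[str]:
    """A Startup-folder shortcut whose target is bare rundll32.exe keeps its real payload in the .lnk arguments."""
    if re.fullmatch(r'"?[^"]*rundll32\.exe"?', cmd.strip(), re.IGNORECASE):
        return [f"shortcut {name} targets rundll32.exe with no module shown; inspect the .lnk arguments"]
    return []


def check_orphan(line: str) -> List[str]:
    """Entries whose file is gone are leftovers: harmless, but worth cleaning so they stop hiding real ones."""
    if line.endswith("(no file)") or line.endswith("(file missing)"):
        return ["points at a file that no longer exists (orphan entry)"]
    return []


def triage_hjt(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for every entry that fails one of the checks above."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons = check_orphan(line)
        m = STARTUP_RE.match(line)
        if m:
            reasons += check_startup_entry(m["name"], m["cmd"])
        else:
            m = RUN_RE.match(line)
            if m:
                reasons += check_run_entry(m["name"], m["cmd"])
        findings.extend((line, reason) for reason in reasons)
    return findings


if __name__ == "__main__":
    for line, reason in triage_hjt(SAMPLE_HJT_LINES):
        print(f"{reason}\n    {line}")
```

On the sample above the two ctfmon.exe Run values each produce three findings (non-DLL module, ProgramData location, borrowed name), the Startup shortcut one, and the Yahoo and Symantec orphans one each; the three control lines produce none. Findings come back as (line, reason) pairs so the same function can be pointed at a complete HJT log file.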


Re: problem with a virus

Post by Luke57 » 06/10/12 16:09

Hi, open HijackThis, press "do a system scan only", tick these entries

R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\cracoarjetu.dat,StartAs
O4 - HKUS\S-1-5-19\..\Run: [ctfmon.exe] C:\Windows\system32\rundll32.exe C:\PROGRA~2\cracoarjetu.dat,StartAs (User 'SERVIZIO LOCALE')
O4 - Startup: ctfmon.lnk = C:\Windows\System32\rundll32.exe

press fix checked

Download, install and update Malwarebytes

http://www.suspectfile.com/programmi/pr ... ebytes.php

disable your antivirus, disconnect from the internet and run a full scan of the PC.

Delete the infected items, reboot.

Re-enable your antivirus protection, reconnect to the internet.
Open Malwarebytes, go to the log tab and copy/paste its contents in your next reply

Also, download OTL and save it to the desktop:

http://oldtimer.geekstogo.com/OTL.exe

Click the OTL icon on your desktop.

Tick SCAN ALL USERS.

Click RUN SCAN

Let the scan run without interfering.

When the scan finishes you'll find 2 logs on the desktop, OTL.txt and Extras.txt; save them and upload them to Wikisend, to post them on the forum.
http://wikisend.com/
Luke57
Moderator

Posts: 6410
Joined: 11/08/05 19:10

Re: problem with a virus

Post by bob20 » 06/10/12 19:50

Thanks a lot Luke!
Here is the Malwarebytes log:
Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.06.03

Windows Vista Service Pack 2 x86 NTFS (Safe mode)
Internet Explorer 8.0.6001.19328
Giovanni :: PC-GIOVANNI [administrator]

06/10/2012 18.54.28
mbam-log-2012-10-06 (18-54-28).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 320257
Time elapsed: 51 minute(s), 32 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 3
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 1
C:\Users\Giovanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

Files Detected: 9
C:\ProgramData\10A8ADBA8028855800F110A7BD990AB0\10A8ADBA8028855800F110A7BD990AB0.exe (Spyware.Zeus) -> Quarantined and deleted successfully.
C:\Users\Giovanni\Downloads\SoftonicDownloader_per_firefox.exe (PUP.OfferBundler.ST) -> Quarantined and deleted successfully.
D:\Go-OO-Plus-321\Settings\Native\STUBEXE\8.0.1112\@SYSTEM@\verclsid.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Go-OO-Plus-321\Settings\Virtual\STUBEXE\8.0.1112\@APPDATA@\OpenOffice.org\3\user\uno_packages\cache\uno_packages\2A.tmp_\sun-pdfimport.oxt\xpdfimport.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Go-OO-Plus-321\Settings\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\OpenOffice.org 3\program\soffice.bin (Trojan.Agent) -> Quarantined and deleted successfully.
D:\Go-OO-Plus-321\Settings\Virtual\STUBEXE\8.0.1112\@PROGRAMFILES@\OpenOffice.org 3\program\soffice.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\ProgramData\lsass.exe (Trojan.Delf) -> Quarantined and deleted successfully.
C:\Users\Giovanni\Desktop\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.
C:\Users\Giovanni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Progressive Protection\System Progressive Protection.lnk (Rogue.SystemProgressiveProtection) -> Quarantined and deleted successfully.

(end)


And here are the two OTL logs:
OTL.Txt
Extras.Txt

Re: problem with a virus

Post by Luke57 » 07/10/12 10:46

Hi, are you still having problems?

Re: problem with a virus

Post by bob20 » 07/10/12 19:21

Hi, unfortunately yes. Maybe the actual virus is gone, but if I try to open an address after a Google search, it always sends me to that porn site and strange windows open. I don't know whether it is useful, but I'm attaching a new HJT log.
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20.09.45, on 07/10/2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Giovanni\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Users\Giovanni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Giovanni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Giovanni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Giovanni\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ycomp/defaults/sp/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://it.rd.yahoo.com/customize/ycomp/defaults/su/*http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
O4 - HKCU\..\Run: [Google Update] "C:\Users\Giovanni\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVIZIO DI RETE')
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 5843 bytes

Re: problem with a virus

Post by Luke57 » 07/10/12 23:06

Hi, download ComboFix
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
place it on the desktop, disconnect from the network and disable your antivirus
Double-click ComboFix; the scan will start.
Don't touch the mouse while ComboFix is running, it could cause a freeze
A software disclaimer screen will appear: click yes,
A screen (only for Windows XP users) offering to install the Recovery Console will appear: click no.
At the end the ComboFix log will appear on screen; you can also find it at C:\combofix.txt
Upload it to wikisend

Re: problem with a virus

Post by bob20 » 08/10/12 08:24

OK, thanks again.
I'm attaching the log.
ComboFix.txt

Re: problem with a virus

Post by Luke57 » 08/10/12 16:12

Hi, copy the following script into the white box of OTL.exe:


:OTL
MOD - [2012/10/05 17.16.05 | 000,055,296 | -H-- | M] () -- C:\Windows\System32\igxpfmon.dll
SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\execradomnj.dat -- (SENS)
O1 - Hosts: ::1 localhost
O13 - gopher Prefix: missing
O36 - AppCertDlls: cmstmsdt - (C:\Windows\system32\igxpfmon.dll) - C:\Windows\System32\igxpfmon.dll ()
[2012/10/05 17.17.01 | 000,000,000 | ---D | C] -- C:\ProgramData\10A8ADBA8028855800F110A7BD990AB0
[2012/10/05 17.16.05 | 000,055,296 | -H-- | M] () -- C:\Windows\System32\igxpfmon.dll
[2012/10/03 14.32.02 | 000,014,336 | ---- | M] () -- C:\Users\Giovanni\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/03 08.22.06 | 076,004,920 | -H-- | C] () -- C:\ProgramData\utejraocarc.dat
[2011/11/03 08.22.06 | 076,004,920 | -H-- | C] () -- C:\ProgramData\jnmodarcexe.dat
[2006/11/02 14.51.16 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

:commands
[purity]
[Reboot]


Click the RUN FIX button.
Let the scan run without interfering.
When it finishes, after the reboot, post the report it produces
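The script above names the mechanisms that kept the redirects alive after the Run keys were cleaned: the built-in SENS service re-pointed at a .dat under PROGRA~2 (its binary already missing), an AppCertDlls entry that loads igxpfmon.dll into every process created through CreateProcess, and hidden, company-less files dropped in System32 and ProgramData within hours of the rogue appearing. The following added example (my code, not from the original post and not an OTL feature) parses those OTL line formats and applies exactly those checks. The table of svchost-hosted services, the Vista default ImagePath quoted for SENS, the seven-day window and the incident date (2012-10-05, the "yesterday afternoon" of the first post) are assumptions.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import List, Tuple

# Lines copied from the OTL fix script above plus, as benign controls, the avg8wd service and
# explorer.exe process lines from the OTL log posted later in this thread (real entries, not constructed).
SAMPLE_OTL_LINES = r"""
MOD - [2012/10/05 17.16.05 | 000,055,296 | -H-- | M] () -- C:\Windows\System32\igxpfmon.dll
SRV - File not found [Auto | Stopped] -- C:\PROGRA~2\execradomnj.dat -- (SENS)
SRV - [2009/08/27 08.38.10 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
PRC - [2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
O36 - AppCertDlls: cmstmsdt - (C:\Windows\system32\igxpfmon.dll) - C:\Windows\System32\igxpfmon.dll ()
[2012/10/05 17.17.01 | 000,000,000 | ---D | C] -- C:\ProgramData\10A8ADBA8028855800F110A7BD990AB0
[2011/11/03 08.22.06 | 076,004,920 | -H-- | C] () -- C:\ProgramData\utejraocarc.dat
"""

# Day the rogue first appeared according to the thread (assumption taken from the first post).
INCIDENT = datetime(2012, 10, 5)

# Built-in Windows services that are always hosted by svchost.exe. Assumed, non-exhaustive table;
# the Vista default ImagePath for SENS is %SystemRoot%\System32\svchost.exe -k netsvcs.
SVCHOST_HOSTED = {"sens", "bits", "wuauserv", "schedule", "eventlog"}

# OTL metadata line: [date | size | RHSD attributes | M(odified)/C(reated)] (company) [svc flags] -- path -- (svc)
META_RE = re.compile(
    r"^(?:(?P<kind>MOD|SRV|DRV|PRC) - )?"
    r"\[(?P<stamp>\d{4}/\d{2}/\d{2} \d{2}\.\d{2}\.\d{2}) \| (?P<size>[\d,]+) \| (?P<attr>[RHSD-]{4}) \| [MC]\]"
    r"(?: \((?P<company>[^)]*)\))?(?: \[[^\]]*\])? -- (?P<path>.+?)(?: -- \((?P<svc>[^)]*)\))?$"
)
MISSING_SVC_RE = re.compile(r"^SRV - File not found \[[^\]]*\] -- (?P<path>.+?) -- \((?P<svc>[^)]*)\)$")
APPCERT_RE = re.compile(r"^O36 - AppCertDlls: (?P<value>\S+) - \([^)]*\) - (?P<path>.+?) \((?P<company>[^)]*)\)$")


def check_service(svc: str, path: str, missing: bool = False) -> List[str]:
    """Flag a built-in svchost-hosted service whose ImagePath was re-pointed at something else."""
    reasons = []
    if svc.lower() in SVCHOST_HOSTED and PureWindowsPath(path).name.lower() != "svchost.exe":
        reasons.append(f"built-in service {svc} should run inside svchost.exe but its ImagePath is {path}")
        if missing:
            reasons.append(f"{svc} image is missing too, so the real service no longer starts; "
                           "restore its ImagePath rather than only deleting the entry")
    return reasons


def check_appcert(value: str, path: str, company: str) -> List[str]:
    """Any AppCertDlls entry is worth a look: the DLL is loaded into every process created via CreateProcess."""
    tag = "no company/version info" if not company else company
    return [f"AppCertDlls '{value}' injects {path} ({tag}) into every new process"]


def check_file(path: str, attr: str, company: str, stamp: str,
               incident: datetime, window_days: int = 7) -> List[str]:
    """Metadata checks on one OTL file line; attr is OTL's RHSD column (read-only, hidden, system, directory)."""
    reasons = []
    p = PureWindowsPath(path)
    low = str(p).lower()
    hidden, is_dir = attr[1] == "H", attr[3] == "D"
    in_system32 = "\\windows\\system32\\" in low
    in_programdata = low.startswith("c:\\programdata\\")
    if hidden and not is_dir and not company and (in_system32 or in_programdata):
        reasons.append("hidden file with no company/version info in a system or ProgramData location")
    when = datetime.strptime(stamp, "%Y/%m/%d %H.%M.%S")
    if (in_system32 or in_programdata) and abs(when - incident) <= timedelta(days=window_days):
        reasons.append(f"created/modified on {when:%Y-%m-%d}, within {window_days} days of the incident")
    if in_programdata and re.fullmatch(r"[0-9A-F]{32}", p.name):
        reasons.append("32-hex-character name under ProgramData (same pattern as the Spyware.Zeus path in the MBAM log)")
    return reasons


def triage_otl(text: str, incident: datetime = INCIDENT) -> List[Tuple[str, str]]:
    """Return (line, reason) pairs for every OTL line that fails one of the checks above."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        reasons: List[str] = []
        m = MISSING_SVC_RE.match(line)
        if m:
            reasons = check_service(m["svc"], m["path"], missing=True)
        else:
            m = APPCERT_RE.match(line)
            if m:
                reasons = check_appcert(m["value"], m["path"], m["company"])
            else:
                m = META_RE.match(line)
                if m:
                    if m["svc"]:
                        reasons += check_service(m["svc"], m["path"])
                    reasons += check_file(m["path"], m["attr"], m["company"] or "", m["stamp"], incident)
        findings.extend((line, r) for r in reasons)
    return findings


if __name__ == "__main__":
    for line, reason in triage_otl(SAMPLE_OTL_LINES):
        print(f"{reason}\n    {line}")
```

The two control lines (avg8wd, explorer.exe) produce nothing; SENS, the AppCertDlls entry, igxpfmon.dll, the hex-named ProgramData folder and the hidden .dat are all reported. Note that deleting the SENS registration, as the fix script does, leaves the real System Event Notification Service unregistered, so its ImagePath has to be put back afterwards.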

Re: problem with a virus

Post by bob20 » 08/10/12 19:20

Hi.
I pasted that text and clicked RUN FIX; shortly after, it asked me to OK a reboot, but after the reboot I didn't find any new log... what should I do?

Re: problem with a virus

Post by Luke57 » 08/10/12 23:06

Hi, if you still have problems, run a new scan with OTL.exe and post the report on wikisend

Re: problem with a virus

Post by bob20 » 09/10/12 12:39

It seems everything is fine now!
I ran a scan with OTL anyway. There is only one log. I'm pasting it here because wikisend isn't working at the moment.
Code:
OTL logfile created on: 09/10/2012 10.50.26 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Giovanni\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000410 | Country: Italia | Language: ITA | Date Format: dd/MM/yyyy
 
2,49 Gb Total Physical Memory | 1,56 Gb Available Physical Memory | 62,74% Memory free
5,20 Gb Paging File | 4,22 Gb Available in Paging File | 81,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 32,38 Gb Total Space | 0,38 Gb Free Space | 1,17% Space Free | Partition Type: NTFS
Drive D: | 32,38 Gb Total Space | 23,07 Gb Free Space | 71,24% Space Free | Partition Type: NTFS
 
Computer Name: PC-GIOVANNI | User Name: Giovanni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/10/08 09.07.34 | 000,208,896 | ---- | M] (Realtek Semiconductor Corp.) -- C:\Users\Giovanni\AppData\Local\Temp\RtkBtMnt.exe
PRC - [2012/10/06 20.18.55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giovanni\Desktop\OTL.exe
PRC - [2011/10/17 18.32.10 | 002,042,208 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgtray.exe
PRC - [2010/07/23 14.37.52 | 000,648,536 | ---- | M] (Research In Motion Limited) -- C:\Programmi\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe
PRC - [2009/08/27 08.38.26 | 000,486,680 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgrsx.exe
PRC - [2009/08/27 08.38.25 | 000,693,016 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgcsrvx.exe
PRC - [2009/08/27 08.38.22 | 000,595,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgnsx.exe
PRC - [2009/08/27 08.38.18 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgemc.exe
PRC - [2009/08/27 08.38.10 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programmi\AVG\AVG8\avgwdsvc.exe
PRC - [2009/04/11 08.27.36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2007/09/10 16.28.18 | 000,057,344 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
PRC - [2007/07/12 17.36.12 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2007/06/28 19.50.52 | 000,024,576 | ---- | M] () -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
PRC - [2007/06/13 17.54.36 | 000,135,168 | R--- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eNet\eNet Service.exe
PRC - [2007/06/13 12.23.54 | 000,167,936 | ---- | M] (acer) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
PRC - [2007/05/29 02.29.00 | 004,472,832 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2007/04/25 17.34.30 | 000,457,512 | ---- | M] (HiTRSUT) -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
PRC - [2007/04/23 10.53.48 | 000,024,576 | ---- | M] (Acer Inc.) -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
PRC - [2006/11/24 13.57.54 | 000,107,008 | ---- | M] () -- C:\Acer\Mobility Center\MobilityService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2012/09/13 09.55.23 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programmi\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2011/07/20 06.18.24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011/06/08 13.02.00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Programmi\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2009/08/27 08.38.18 | 000,908,056 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/08/27 08.38.10 | 000,297,752 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programmi\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/01/18 23.38.26 | 000,272,952 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programmi\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/18 23.33.40 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2007/09/10 16.28.18 | 000,057,344 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe -- (eRecoveryService)
SRV - [2007/07/12 17.36.12 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programmi\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/06/28 19.50.52 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe -- (eSettingsService)
SRV - [2007/06/13 17.54.36 | 000,135,168 | R--- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eNet\eNet Service.exe -- (eNet Service)
SRV - [2007/06/13 12.23.54 | 000,167,936 | ---- | M] (acer) [Auto | Running] -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe -- (WMIService)
SRV - [2007/04/25 17.34.30 | 000,457,512 | ---- | M] (HiTRSUT) [Auto | Running] -- C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe -- (eDataSecurity Service)
SRV - [2007/04/23 10.53.48 | 000,024,576 | ---- | M] (Acer Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe -- (eLockService)
SRV - [2006/11/24 13.57.54 | 000,107,008 | ---- | M] () [Auto | Running] -- C:\Acer\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2006/10/26 13.03.08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006/04/14 10.04.54 | 000,087,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programmi\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Giovanni\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2012/02/16 00.24.36 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus)
DRV - [2011/05/18 10.12.38 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/05/18 10.12.36 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/05/18 10.12.32 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/05/18 10.12.28 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2009/08/27 08.38.26 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/08/27 08.38.26 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/05/06 12.18.53 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2008/08/26 10.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008/05/07 09.55.22 | 000,767,488 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2007/05/02 13.52.00 | 000,290,816 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tifm21.sys -- (tifm21)
DRV - [2007/03/02 19.19.34 | 000,076,584 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2006/11/29 02.44.52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/11/02 09.30.56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006/11/02 09.30.54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
 
 
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
 
 
[color=#E56717]========== Internet Explorer ==========[/color]
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://it.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://global.acer.com [binary data]
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Yahoo! Search
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\..\SearchScopes\{C4540ACD-6297-44D3-BBBD-7D4D0ABC379E}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
[color=#E56717]========== FireFox ==========[/color]
 
FF - prefs.js..browser.startup.homepage: "www.google.it"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Giovanni\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Giovanni\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 14.19.51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/13 09.55.23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/25 16.01.33 | 000,000,000 | ---D | M]
 
[2009/06/06 11.52.49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanni\AppData\Roaming\mozilla\Extensions
[2012/05/02 14.38.02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Giovanni\AppData\Roaming\mozilla\Firefox\Profiles\d3q9cwvp.default\extensions
[2010/12/12 01.31.00 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Giovanni\AppData\Roaming\mozilla\Firefox\Profiles\d3q9cwvp.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/05/02 13.24.58 | 000,000,000 | ---D | M] (No name found) -- C:\Programmi\Mozilla Firefox\extensions
[2012/09/13 09.55.23 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/27 10.00.22 | 000,001,393 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-it.xml
[2012/09/13 09.55.22 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/27 10.00.22 | 000,000,744 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-it.xml
[2012/06/27 10.00.22 | 000,000,817 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\hoepli.xml
[2012/06/27 10.00.22 | 000,001,182 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-it.xml
[2012/06/27 10.00.22 | 000,000,953 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-it.xml
 
[color=#E56717]========== Chrome  ==========[/color]
 
CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Giovanni\AppData\Local\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Giovanni\AppData\Local\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Giovanni\AppData\Local\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: RIM Handheld Application Loader (Enabled) = C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Veetle TV Player (Enabled) = C:\Program Files\Veetle\Player\npvlc.dll
CHR - plugin: Veetle TV Core (Enabled) = C:\Program Files\Veetle\plugins\npVeetle.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Giovanni\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Ricerca Google = C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Gmail = C:\Users\Giovanni\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/10/08 20.07.06 | 000,001,446 | RH-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O3 - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Windows\System32\eDStoolbar.dll (HiTRUST)
O4 - HKLM..\Run: [AVG8_TRAY] C:\Programmi\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BlackBerryAutoUpdate] C:\Program Files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe (Research In Motion Limited)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1542102524-2208710894-2965343972-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&sporta in Microsoft Excel - C:\Programmi\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programmi\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 83.103.25.250 62.101.93.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{108B42AE-772F-451D-895C-1D8A48F89A07}: DhcpNameServer = 83.103.25.250 62.101.93.101
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5CC00B90-C6F0-47E8-AA76-8517B41B4D72}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programmi\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programmi\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 23.43.36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
 
[2012/10/08 20.06.59 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/10/08 09.04.40 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012/10/08 09.04.40 | 000,000,000 | ---D | C] -- C:\Users\Giovanni\AppData\Local\temp
[2012/10/08 09.03.49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/10/08 08.55.06 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/10/08 08.55.06 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/10/08 08.55.06 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/10/08 08.47.16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/10/08 08.46.24 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/10/08 08.39.27 | 004,762,471 | R--- | C] (Swearware) -- C:\Users\Giovanni\Desktop\ComboFix.exe
[2012/10/06 20.18.47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Giovanni\Desktop\OTL.exe
[2012/10/06 18.29.49 | 000,000,000 | ---D | C] -- C:\Users\Giovanni\AppData\Roaming\Malwarebytes
[2012/10/06 18.28.36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/10/06 18.28.35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/10/06 18.28.33 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/10/06 18.28.33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/10/05 17.17.01 | 000,000,000 | ---D | C] -- C:\ProgramData\10A8ADBA8028855800F110A7BD990AB0
[2012/09/22 18.46.45 | 000,000,000 | ---D | C] -- C:\Users\Giovanni\Desktop\Prof. Emilio Del Giudice
[2012/09/22 11.02.16 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012/09/22 11.02.16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012/09/22 11.02.14 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012/09/22 11.02.14 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012/09/22 11.02.14 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
[2012/09/22 11.02.14 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2012/09/22 11.02.14 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2012/09/22 11.02.13 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012/09/22 11.02.13 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2012/09/22 11.02.13 | 000,174,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2012/09/22 11.02.13 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012/09/22 11.02.13 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012/09/22 11.02.13 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2012/09/22 11.02.13 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2012/09/22 11.02.13 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2012/09/22 11.02.13 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2012/09/22 11.02.13 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2012/09/22 11.02.13 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2012/09/20 17.28.18 | 000,000,000 | ---D | C] -- C:\Users\Giovanni\Desktop\Traduz. eichette
 
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
 
[2012/10/09 10.31.10 | 000,665,702 | ---- | M] () -- C:\Windows\System32\perfh010.dat
[2012/10/09 10.31.10 | 000,590,082 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/10/09 10.31.10 | 000,121,302 | ---- | M] () -- C:\Windows\System32\perfc010.dat
[2012/10/09 10.31.10 | 000,102,094 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/10/09 10.24.42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 10.24.42 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/10/09 10.24.02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/10/09 10.23.59 | 2674,319,360 | -HS- | M] () -- C:\hiberfil.sys
[2012/10/08 23.24.43 | 000,001,172 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1542102524-2208710894-2965343972-1003UA.job
[2012/10/08 13.07.00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1542102524-2208710894-2965343972-1003Core.job
[2012/10/08 09.09.07 | 058,771,117 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2012/10/08 08.40.15 | 004,762,471 | R--- | M] (Swearware) -- C:\Users\Giovanni\Desktop\ComboFix.exe
[2012/10/07 22.59.03 | 000,002,529 | ---- | M] () -- C:\Users\Giovanni\Desktop\HiJackThis.lnk
[2012/10/06 20.18.55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Giovanni\Desktop\OTL.exe
[2012/10/06 18.28.36 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/05 21.09.02 | 000,002,639 | ---- | M] () -- C:\Users\Giovanni\Desktop\Microsoft Office Word 2007.lnk
[2012/10/05 11.26.06 | 000,091,638 | ---- | M] () -- C:\Users\Giovanni\Desktop\STIGA   DDT N. 203 DEL 02-10-12.pdf
[2012/10/03 14.32.05 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/09/30 13.29.29 | 000,002,061 | ---- | M] () -- C:\Users\Giovanni\Desktop\Google Chrome.lnk
[2012/09/25 00.42.50 | 000,002,639 | ---- | M] () -- C:\Users\Giovanni\Desktop\Microsoft Office Word 2007 - Copia.lnk
[2012/09/21 10.44.17 | 000,026,658 | ---- | M] () -- C:\Users\Giovanni\Desktop\Traduz. eichette.zip
 
[color=#E56717]========== Files Created - No Company Name ==========[/color]
 
[2012/10/08 09.06.41 | 2674,319,360 | -HS- | C] () -- C:\hiberfil.sys
[2012/10/08 08.55.06 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/10/08 08.55.06 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/10/08 08.55.06 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/10/08 08.55.06 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/10/08 08.55.06 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/10/06 18.28.36 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/10/05 11.26.02 | 000,091,638 | ---- | C] () -- C:\Users\Giovanni\Desktop\STIGA   DDT N. 203 DEL 02-10-12.pdf
[2012/09/21 10.44.17 | 000,026,658 | ---- | C] () -- C:\Users\Giovanni\Desktop\Traduz. eichette.zip
[2012/02/09 21.46.03 | 000,004,096 | -H-- | C] () -- C:\Users\Giovanni\AppData\Local\keyfile3.drm
[2012/01/29 18.11.24 | 000,000,680 | ---- | C] () -- C:\Users\Giovanni\AppData\Local\d3d9caps.dat
[2011/09/27 17.56.57 | 000,000,256 | ---- | C] () -- C:\Windows\System32\pool.bin
[2009/01/06 19.50.25 | 000,000,443 | ---- | C] () -- C:\Users\Giovanni\AppData\Roaming\mdbu.bin
[2008/12/20 11.29.49 | 002,571,031 | ---- | C] () -- C:\Users\Giovanni\Foto.rar
[2008/11/06 23.54.51 | 000,001,024 | ---- | C] () -- C:\Users\Giovanni\.rnd
[2008/07/21 10.28.17 | 000,000,378 | ---- | C] () -- C:\Users\Giovanni\Documenti - collegamento.lnk
[2008/06/16 13.22.15 | 000,064,747 | ---- | C] () -- C:\Users\Giovanni\LaterzaGiovanni_Ici_Giu2008.pdf
[2008/04/05 13.25.46 | 000,036,512 | ---- | C] () -- C:\ProgramData\LUUnInstall.LiveUpdate
 
[color=#E56717]========== ZeroAccess Check ==========[/color]
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19.47.00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08.28.19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/04/11 08.28.25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
bob20
Senior User
 
Posts: 214
Joined: 31/03/05 21:06

Re: problem with a virus

Post by Luke57 » 09/10/12 12:51

Hi, ok!
Luke57
Moderator
 
Posts: 6410
Joined: 11/08/05 19:10

Re: problem with a virus

Post by bob20 » 09/10/12 13:19

Good! Thanks a lot!
Bye
bob20
Senior User
 
Posts: 214
Joined: 31/03/05 21:06

