stupid viruses

How do you remove viruses and spyware? Are credit cards really safe online? Is it possible to browse anonymously? Which programs protect your privacy? How do you protect important files? If you want an answer to these and other questions, this is the right place!

Moderators: m.paolo, kadosh, Luke57

stupid viruses

Post by Paciotti » 13/05/08 20:02

Hi....
I have some problems (viruses) that I would like to remove; even though my PC works
fairly well and fast, maybe without them it could run faster.
I hope for your help and thank you in advance....
I'm sending you my topic...



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.53.51, on 13/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe
C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\documents and settings\domenico\impostazioni locali\dati applicazioni\kaeaxu.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^^ %%^ %% ^^^%^ %.exe
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^^ %%^ %% ^^^%^ %.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [E08IXLRD_22203906] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Netlog 24] "C:\Programmi\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [kaeaxu] c:\documents and settings\domenico\impostazioni locali\dati applicazioni\kaeaxu.exe kaeaxu
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4630495000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4630582468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC3A9531-EB86-48D1-9B75-F6435AF79FF2}: NameServer = 85.37.17.46 85.38.28.84
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 16052 bytes
Paciotti
Junior User
Posts: 18
Joined: 01/05/08 13:57

Re: stupid viruses

Post by q6600 » 15/05/08 17:38

AMD Phenom x4 960 3.3 GHz, 2x1 GB Corsair DDR3 1333 MHz, Nvidia 460 GTX Gigabyte 1024 MB DDR5 256 bit, Cooler Master case, WD Velociraptor 320 GB + WD Caviar 1 TB, Samsung Syncmaster 2 ms HD 19", Corsair HX850 Watt, Seven Ultimate, UPS Atlantis 750 W.
q6600
Senior User
Posts: 213
Joined: 18/11/07 01:08

Re: stupid viruses

Post by Luke57 » 16/05/08 11:48

Hi, please don't open more than one thread for the same issue; also, pick less generic titles: "stupid viruses" or "help" are of very little use.
Download ComboFix to the desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Disconnect from the internet.
Then open HijackThis, click "open the misc tool section", then "open process manager", and look for the following process:
C:\documents and settings\domenico\impostazioni locali\dati applicazioni\kaeaxu.exe
highlight it and click kill process.
Go back to the program's main page with back, click "scan", then look for and tick the following entries:
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^^ %%^ %% ^^^%^ %.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^^ %%^ %% ^^^%^ %.exe
O4 - HKCU\..\Run: [kaeaxu] c:\documents and settings\domenico\impostazioni locali\dati applicazioni\kaeaxu.exe kaeaxu

click fix checked.
Close the program.

Run the file ComboFix.exe
Type 1 to start the tool (do nothing else during the scan; if the desktop icons disappear, that is normal)
Follow the instructions; at the end a log will be generated.
Reconnect and post the report (C:\combofix.txt) plus another HijackThis log.
Luke57
Moderator
Posts: 6415
Joined: 11/08/05 19:10
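The entries the moderator tells the user to fix share a few tell-tale traits: a UserInit value that launches a second program, an autostart whose executable sits in the user's profile data folders, and a file name made of nothing but symbols. The triage helper below is an added example written for this thread (not part of the post and not a HijackThis feature): it parses the F2 and O4 lines of an HJT log and flags those three patterns. The profile-folder names and the "no letters or digits" rule are assumptions about a Windows XP layout, and the sample lines are constructed from the entries quoted in the thread.

```python
"""Triage helper for HijackThis (HJT) F2/O4 log lines.

Added example for this thread, not HijackThis code. It flags:
  * a UserInit value naming anything besides userinit.exe,
  * an autostart executable stored under a per-user data folder,
  * an executable whose file name contains no letters or digits.
"""
import re
from dataclasses import dataclass

# Constructed sample: the three entries the thread says to fix, plus two
# benign autostarts from the same log so the heuristics see both cases.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\ %^^ %%^ %% ^^^%^ %.exe
O4 - HKLM\..\Run: [Flash Media] C:\WINDOWS\system32\ %^^ %%^ %% ^^^%^ %.exe
O4 - HKCU\..\Run: [kaeaxu] c:\documents and settings\domenico\impostazioni locali\dati applicazioni\kaeaxu.exe kaeaxu
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
"""

# Per-user data folders in the Italian and English names Windows XP uses
# (assumption: XP profile layout). Legitimate software rarely keeps its
# autostart executable here, so such entries deserve a closer look.
PROFILE_DATA_FOLDERS = (
    "\\dati applicazioni\\", "\\application data\\",
    "\\impostazioni locali\\", "\\local settings\\", "\\temp\\",
)

O4_RE = re.compile(r"^O4 - (?P<hive>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")


@dataclass
class Finding:
    line: str
    reasons: list


def first_executable(command: str) -> str:
    """Return the program an autostart command launches.

    HJT prints the command as the registry stores it, so an unquoted path
    may contain spaces: take everything up to the first '.exe' that is
    followed by whitespace or the end of the string.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    match = re.match(r"(.*?\.exe)(?=\s|$)", command, re.IGNORECASE)
    return match.group(1) if match else command.split()[0]


def suspicious_path_reasons(path: str) -> list:
    """Heuristics applied to one executable path; empty list means clean."""
    reasons = []
    lowered = path.lower()
    if "\\documents and settings\\" in lowered and any(
        folder in lowered for folder in PROFILE_DATA_FOLDERS
    ):
        reasons.append(f"executable lives in a per-user data folder: {path}")
    # File name without directory and extension.
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if not re.search(r"[A-Za-z0-9]", stem):
        reasons.append(f"file name has no letters or digits: {path!r}")
    return reasons


def triage(log_text: str) -> list:
    """Scan the F2 and O4 lines of an HJT log; return the ones worth a look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons = []
        if m := F2_RE.match(line):
            entries = [e.strip() for e in m.group("value").split(",") if e.strip()]
            for entry in entries:
                if entry.lower().endswith("\\userinit.exe"):
                    continue  # the only program UserInit normally names
                reasons.append(f"UserInit launches an extra program: {entry}")
                reasons.extend(suspicious_path_reasons(entry))
        elif m := O4_RE.match(line):
            reasons.extend(suspicious_path_reasons(first_executable(m.group("cmd"))))
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("   ->", reason)
```

Run against a full HJT log, the script reports exactly the three lines the moderator asked to have fixed and stays silent on the NVIDIA and ctfmon autostarts.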

help me....

Post by Paciotti » 16/05/08 20:09

Sorry for the title I wrote, I didn't realize
it might not be appropriate for the site's language....
thanks for the reprimand!!!
Thank you for your help, now I'm sending you my topic



ComboFix 08-05-15.3 - Domenico 2008-05-16 20:43:40.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.1276 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Domenico\Desktop\ComboFix.exe
* Resident AV is active


WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Documents and Settings\Domenico\Dati applicazioni\FunWebProducts
C:\Documents and Settings\Domenico\Dati applicazioni\FunWebProducts\Data\Domenico\avatar.dat
C:\Documents and Settings\Domenico\Dati applicazioni\FunWebProducts\Data\Domenico\outfit.dat
C:\Documents and Settings\Domenico\Dati applicazioni\FunWebProducts\Data\Domenico\register.dat
C:\Documents and Settings\Domenico\Dati applicazioni\FunWebProducts\Data\Domenico\zbucks.dat
c:\Documents and Settings\Domenico\Impostazioni locali\Dati applicazioni\spbhungjpe.dat
C:\Documents and Settings\Domenico\Impostazioni locali\Dati applicazioni\spbhungjpe.exe
c:\Documents and Settings\Domenico\Impostazioni locali\Dati applicazioni\spbhungjpe_nav.dat
C:\Documents and Settings\Domenico\Impostazioni locali\Dati applicazioni\spbhungjpe_navps.dat
C:\Documents and Settings\Domenico\real.txt
C:\Programmi\FunWebProducts
C:\Programmi\MyWebSearch
C:\Programmi\MyWebSearch\bar\History\search2
C:\Programmi\MyWebSearch\bar\Settings\s_pid.dat
C:\Programmi\MyWebSearch\bar\Settings\setting2.htm
C:\Programmi\MyWebSearch\bar\Settings\settings.dat
C:\Programmi\ShoppingReport
C:\Programmi\ShoppingReport\Uninst.exe
C:\WINDOWS\Syskernel12.dll
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\real.txt

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NWSAPAGENT
-------\Service_NwSapAgent


((((((((((((((((((((((((( Files Creati Da 2008-04-16 al 2008-05-16 )))))))))))))))))))))))))))))))))))
.

2008-05-16 20:32 . 2008-05-16 20:33 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-05-15 20:08 . 2008-05-15 20:08 9,016 --a------ C:\Documents and Settings\Domenico\jnwfam.exe
2008-05-15 20:00 . 2008-03-03 14:25 5,702 --ah----- C:\WINDOWS\nod32restoretemdono.reg
2008-05-15 20:00 . 2008-03-03 18:21 568 --ah----- C:\WINDOWS\nod32fixtemdono.reg
2008-05-14 22:18 . 2008-05-14 22:18 615 --a------ C:\WINDOWS\system32\SHORTCUT.INI
2008-05-14 21:07 . 2008-05-14 21:07 244 --ah----- C:\sqmnoopt04.sqm
2008-05-14 21:07 . 2008-05-14 21:07 232 --ah----- C:\sqmdata04.sqm
2008-05-14 20:28 . 2008-05-14 20:28 244 --ah----- C:\sqmnoopt03.sqm
2008-05-14 20:28 . 2008-05-14 20:28 232 --ah----- C:\sqmdata03.sqm
2008-05-14 19:58 . 2008-05-14 19:58 <DIR> d-------- C:\Programmi\ESET
2008-05-14 19:58 . 2008-05-14 19:58 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\ESET
2008-05-13 17:32 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
2008-05-13 17:32 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
2008-05-13 17:32 . 2008-05-13 17:32 0 --ah----- C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-05-13 17:32 . 2008-05-13 17:32 0 --ah----- C:\WINDOWS\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf
2008-05-13 17:26 . 2008-02-01 15:17 138,112 --a------ C:\WINDOWS\system32\drivers\nmwcdnsu.sys
2008-05-13 17:26 . 2008-02-01 15:17 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdnsuc.sys
2008-05-13 17:23 . 2007-11-29 10:33 1,419,232 --a------ C:\WINDOWS\system32\wdfcoinstaller01005.dll
2008-05-13 17:23 . 2007-11-29 10:39 95,744 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-13 17:23 . 2007-11-29 10:39 19,328 --a------ C:\WINDOWS\system32\drivers\ccdcmbo.sys
2008-05-13 17:23 . 2007-11-29 10:39 16,896 --a------ C:\WINDOWS\system32\drivers\ccdcmb.sys
2008-05-13 17:23 . 2007-11-29 10:39 8,064 --a------ C:\WINDOWS\system32\drivers\usbser_lowerflt.sys
2008-05-13 17:07 . 2008-05-13 17:07 <DIR> d-------- C:\Programmi\Apple Software Update
2008-05-12 20:58 . 2006-03-29 07:05 32,768 --------- C:\WINDOWS\system32\IJRMF.exe
2008-05-12 20:57 . 2008-05-12 20:57 4,030 --a------ C:\WINDOWS\image.jpg
2008-05-12 19:31 . 2008-05-12 19:31 <DIR> d-------- C:\Programmi\ArcSoft
2008-05-12 19:31 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-05-11 21:54 . 2008-05-11 21:54 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Activision
2008-05-11 21:00 . 2008-05-11 21:00 299 --a------ C:\WINDOWS\game.ini
2008-05-11 20:50 . 2008-05-11 20:50 <DIR> d-------- C:\Programmi\Activision
2008-05-09 20:54 . 2008-05-09 20:54 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Ubisoft
2008-05-09 20:52 . 2008-05-09 20:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Ubisoft
2008-05-09 20:52 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-05-09 20:52 . 2007-07-19 18:14 1,358,192 --a------ C:\WINDOWS\system32\D3DCompiler_35.dll
2008-05-09 20:52 . 2007-05-16 16:45 1,124,720 --a------ C:\WINDOWS\system32\D3DCompiler_34.dll
2008-05-09 20:52 . 2007-03-12 16:42 1,123,696 --a------ C:\WINDOWS\system32\D3DCompiler_33.dll
2008-05-09 20:52 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-05-09 20:52 . 2007-07-19 18:14 444,776 --a------ C:\WINDOWS\system32\d3dx10_35.dll
2008-05-09 20:52 . 2007-05-16 16:45 443,752 --a------ C:\WINDOWS\system32\d3dx10_34.dll
2008-05-09 20:52 . 2007-03-15 16:57 443,752 --a------ C:\WINDOWS\system32\d3dx10_33.dll
2008-05-08 22:38 . 2008-05-08 22:38 <DIR> d-------- C:\Programmi\CANAL+
2008-05-07 22:18 . 2008-05-07 22:18 <DIR> d-------- C:\Programmi\File comuni\BOONTY Shared
2008-05-07 22:18 . 2008-05-07 22:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BOONTY
2008-05-07 22:15 . 2008-05-07 22:16 <DIR> d-------- C:\Programmi\BoontyGames
2008-05-07 22:15 . 2008-05-07 22:15 <DIR> d-------- C:\Programmi\Boonty
2008-05-03 20:19 . 2008-05-03 20:19 <DIR> d-------- C:\Documents and Settings\Domenico\Dati applicazioni\Canon
2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\WINDOWS\system32\xircom
2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\WINDOWS\srchasst
2008-05-02 10:09 . 2008-05-02 10:09 <DIR> d-------- C:\Programmi\microsoft frontpage
2008-05-01 23:50 . 2008-05-01 23:50 <DIR> d--hs---- C:\WINDOWS\ftpcache
2008-05-01 18:12 . 2008-05-01 18:12 <DIR> d-------- C:\Programmi\Trend Micro
2008-05-01 18:12 . 2008-02-27 16:52 49,152 --a------ C:\WINDOWS\system32\ArmAccess.dll
2008-05-01 18:08 . 2008-05-15 21:16 <DIR> d-------- C:\Programmi\Spyware Doctor
2008-05-01 18:08 . 2008-05-15 21:16 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-26 12:29 . 2008-04-26 12:29 <DIR> dr-h----- C:\Documents and Settings\Domenico\Dati applicazioni\SecuROM

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-16 18:21 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
2008-05-16 18:11 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\AVG7
2008-05-15 19:28 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-15 19:10 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Azureus
2008-05-13 18:01 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\BearShare
2008-05-13 15:26 --------- d-----w C:\Programmi\Nokia
2008-05-13 15:18 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-13 15:18 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-05-12 18:58 --------- d-----w C:\Programmi\Canon
2008-05-11 20:12 --------- d-----w C:\Programmi\eMule
2008-05-09 18:39 --------- d-----w C:\Programmi\Ubisoft
2008-05-08 20:38 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2008-05-08 20:38 2,272 ----a-w C:\WINDOWS\system32\w95inf16.dll
2008-04-27 01:50 --------- d-----w C:\Programmi\KONAMI
2008-04-26 10:29 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-04-20 11:44 --------- d-----w C:\Programmi\Azureus
2008-04-14 13:02 --------- d-----w C:\Programmi\iTunes
2008-04-14 13:02 --------- d-----w C:\Programmi\iPod
2008-04-14 13:01 --------- d-----w C:\Programmi\QuickTime
2008-04-13 20:05 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Nokia Multimedia Player
2008-04-13 10:17 --------- d-----w C:\Programmi\Java
2008-04-13 10:17 --------- d-----w C:\Programmi\Autodesk
2008-04-13 10:16 --------- d-----w C:\Programmi\Autodesk Network License Manager
2008-04-13 10:16 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-04-10 18:49 --------- d-----w C:\Programmi\File comuni\KnifeEdge
2008-04-10 17:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-04-07 17:45 --------- d-----w C:\Programmi\Replay Media Catcher
2008-04-07 14:14 --------- d-----w C:\Programmi\ScanSoft
2008-04-07 14:14 --------- d-----w C:\Programmi\File comuni\ScanSoft Shared
2008-04-07 14:14 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-04-07 14:14 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\ScanSoft
2008-04-07 14:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\ScanSoft
2008-04-07 14:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\InstallShield
2008-04-07 14:13 --------- d-----w C:\Programmi\File comuni\CANON
2008-04-07 14:10 --------- d--h--w C:\Programmi\CanonBJ
2008-04-07 14:10 --------- d--h--w C:\Documents and Settings\All Users\Dati applicazioni\CanonBJ
2008-04-04 18:44 --------- d-----w C:\Programmi\Program Files
2008-04-04 18:36 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-02 13:22 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Apple Computer
2008-03-31 10:00 --------- d-----w C:\Programmi\Pirelli
2008-03-30 21:09 --------- d-----w C:\Programmi\Motive
2008-03-30 21:09 --------- d-----w C:\Programmi\Alice ti aiuta
2008-03-30 20:57 --------- d-----w C:\Programmi\Alice
2008-03-29 13:17 --------- d-----w C:\Programmi\Acclaim
2008-03-24 22:41 --------- d-----w C:\Programmi\Vista Crystal Gadjets
2008-03-23 15:32 --------- d-----w C:\Programmi\Unlocker
2008-03-19 15:26 --------- d-----w C:\Programmi\Google
2008-03-18 17:53 --------- d-----w C:\Programmi\Safari
2008-03-18 13:21 --------- d-----w C:\Programmi\DAEMON Tools Lite
2008-03-17 19:09 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-03-17 19:09 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\DAEMON Tools
2008-03-17 13:23 --------- d-----w C:\Programmi\BearShare Applications
2008-03-17 12:54 --------- d-----w C:\Programmi\File comuni\Teleca Shared
2008-03-17 12:42 --------- d-----w C:\Programmi\VIRTUAL RC RACING
2008-03-17 12:29 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Nokia
2008-03-17 12:13 --------- d-----w C:\Documents and Settings\Domenico\Dati applicazioni\Leadertech
2008-03-17 12:04 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\VRCGameUpdater
2008-03-17 12:03 --------- d-----w C:\Programmi\File comuni\PCSuite
2008-03-17 11:34 --------- d-----w C:\Programmi\Telecom Italia
2008-03-17 11:02 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Bluetooth
2008-03-09 20:12 304,160 ----a-w C:\StiImg.dat
2008-03-04 19:39 225,280 ----a-w C:\WINDOWS\system32\Uninstall Netlog Photo Tool.exe
2008-03-04 19:09 155,995 ----a-w C:\WINDOWS\java\Packages\79B175VT.ZIP
2008-03-04 12:22 81,920 ----a-w C:\Documents and Settings\Domenico\Dati applicazioni\ezpinst.exe
2008-03-04 12:22 47,360 ----a-w C:\Documents and Settings\Domenico\Dati applicazioni\pcouffin.sys
2008-03-04 12:20 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2008-03-04 11:45 409,600 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-03-04 10:51 89 ----a-w C:\WINDOWS\system32\config\systemprofile\Del1E2D.bat
2008-03-04 10:51 89 ----a-w C:\Documents and Settings\Domenico\Del1E2D.bat
2008-03-04 10:51 89 ----a-w C:\Documents and Settings\Default User\Del1E2D.bat
2008-03-04 10:51 89 ----a-w C:\Documents and Settings\Administrator\Del1E2D.bat
2002-07-26 16:02 153,088 ----a-w C:\Programmi\UNWISE.EXE
.

------- Sigcheck -------

2007-12-07 03:40 825344 39ccda0e9b778792b06c1b9d794a9776 C:\WINDOWS\SoftwareDistribution\Download\0b52ea9d716c5c579ab4f56b7346b126\sp2qfe\wininet.dll
2008-01-13 08:31 926720 4b4bf306f9fc0d2a33595ffef591c2a6 C:\WINDOWS\system32\wininet.dll

2008-01-13 22:33 360832 ea3d7525f41beb321c3f6e2162277e92 C:\WINDOWS\system32\drivers\tcpip.sys

2008-01-13 08:28 544256 e6f62282ebaa63ba07fa2dc7198b8d0d C:\WINDOWS\system32\winlogon.exe

2007-02-28 18:06 2185856 763ea08993b467a3af048ef185b1f805 C:\WINDOWS\SoftwareDistribution\Download\2aa8f55e8af02052cea14cdae13ee2d9\sp2qfe\ntoskrnl.exe
2005-03-02 20:12 2183296 c120a33c71e706545cf26d6276bc0344 C:\WINDOWS\SoftwareDistribution\Download\a514f3026154c5be0e6900e5f0b39396\sp2qfe\ntoskrnl.exe
2008-01-16 15:01 2155008 0b9146e4bdecebf8a16ccf5615f9a4bb C:\WINDOWS\system32\ntoskrnl.exe

2008-01-16 21:08 1618944 b749c7bd63c18c18b6448c574c4ab53b C:\WINDOWS\explorer.exe

2008-01-13 08:24 25088 40de117b6ccfc031d2dc8b73d82020cf C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-01-13 08:24 25088]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-08-29 23:24 1233408]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe" [2007-10-23 15:18 202024]
"TaskTray"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe" [2001-06-29 02:00 163840]
"TaskBar"="C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe" [2002-05-08 02:00 122880]
"MsnMsgr"="C:\Programmi\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 12:34 5724184]
"LaunchList"="C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe" [2007-03-21 16:41 145496]
"DAEMON Tools Lite"="C:\Programmi\DAEMON Tools Lite\daemon.exe" [2008-03-14 13:55 486856]
"E08IXLRD_22203906"="C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.exe" [2007-06-12 15:09 351000]
"Netlog 24"="C:\Programmi\Netlog 24\Notifier\Netlog24Notifier.exe" [ ]
"PC Suite Tray"="C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 11:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-07-13 09:34 8466432]
"nwiz"="nwiz.exe" [2007-07-13 09:34 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-07-13 09:34 81920]
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe" [2006-09-07 14:19 15872]
"SMSERIAL"="sm56hlpr.exe" [2004-12-29 08:01 544768 C:\WINDOWS\sm56hlpr.exe]
"CTHelper"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [2007-04-09 13:32 19968 C:\WINDOWS\system32\Ctxfihlp.exe]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 01:47 31016]
"NeroFilterCheck"="C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe" [2007-03-01 15:57 153136]
"NBKeyScan"="C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 09:51 1836328]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 04:06 40048]
"RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2006-12-06 19:37 69216]
"LanguageShortcut"="C:\Programmi\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 23:55 54832]
"WireLessKeyboard"="C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe" [2005-10-11 17:43 647168]
"WINDVDPatch"="CTHELPER.EXE" [2002-07-02 11:56 24576 C:\WINDOWS\system32\CTHELPER.EXE]
"UpdReg"="C:\WINDOWS\UpdReg.EXE" [2000-05-11 02:00 90112]
"Jet Detection"="C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-11-29 02:00 28672]
"CTStartup"="C:\Programmi\Creative\Splash Screen\CTEaxSpl.exe" [2001-12-20 02:00 28672]
"MaxtorOneTouch"="C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe" [2006-03-27 16:04 712704]
"mxomssmenu"="C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-17 17:24 81920]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"USBToolTip"="C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe" [2006-10-16 14:50 202312]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-19 16:39 110592 C:\WINDOWS\system32\bthprops.cpl]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-20 13:40 579584]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 19:41 57344]
"BtTray"="C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe" [2007-09-10 12:08 258134]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 00:14 155648]
"OpwareSE4"="C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 13:19 69632]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"egui"="C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 11:06 1443072]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-01-13 08:24 25088]
"Sidebar"="C:\Programmi\Windows Sidebar\sidebar.exe" [2007-08-29 23:24 1233408]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-03-08 14:55 219136]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 18:35 1294336]
"msnmsgr"="C:\Programmi\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="regsvr32 /s /n /i:U shell32" []
"nltide_3"="advpack.dll" [2008-01-13 06:48 124928 C:\WINDOWS\system32\advpack.dll]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2008-03-30 23:09:50 212992]
Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-03-19 17:21:40 125624]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoDesktopCleanupWizard"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"= 1 (0x1)
"NoSMConfigurePrograms"= 1 (0x1)
"NoResolveTrack"= 1 (0x1)
"NoResolveSearch"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll
"msacm.ac3filter"= ac3filter.acm
"msacm.ctmp3"= C:\WINDOWS\system32\ctmp3.acm
"VIDC.MJPG"= Pvmjpg30.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PowerTranslator Pro OLR]
--a------ 2004-09-29 10:46 49152 C:\PROGRA~1\BVRPSO~1\POWERT~1\BVRPOlr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Azureus\\Azureus.exe"=
"C:\\Programmi\\BearShare Applications\\BearShare\\BearShare.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"C:\\Programmi\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=

R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-02-20 11:11]
R2 {95808DC4-FA4A-4c74-92FE-5B863F82066B};{95808DC4-FA4A-4c74-92FE-5B863F82066B};C:\Programmi\CyberLink\PowerDVD\000.fcl [2006-11-02 17:51]
R2 BlueSoleilCS;BlueSoleilCS;C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2007-09-14 10:44]
R3 BsHelpCS;BsHelpCS;C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe [2007-08-17 16:58]
R3 PAC207;NX-Vega;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-01-25 16:20]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 00:08]
S2 NOD32FiXTemDono;Eset Nod32 Boot;C:\WINDOWS\system32\regedt32.exe [2008-01-13 08:27]
S3 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2008-05-07 22:18]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;C:\WINDOWS\system32\drivers\nmwcdnsu.sys [2008-02-01 15:17]
S3 nmwcdnsuc;Nokia USB Flashing Generic;C:\WINDOWS\system32\drivers\nmwcdnsuc.sys [2008-02-01 15:17]
S3 upperdev;upperdev;C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 10:39]
S3 usb_rndis;Pirelli Alice Gate W2+ USB;C:\WINDOWS\system32\DRIVERS\usb8023.sys [2004-08-04 00:04]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\L]
\Shell\AutoRun\command - L:\DATA\AUTORUN\AUTORUN.EXE


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
Contents of the 'Scheduled Tasks' folder
"2008-05-13 15:07:45 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-16 18:38:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-16 20:48:16
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTStartup = C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run??????????????st????\?w? ?w???????w???w4???????.??w4???????4???TA?s4????????&2?T???\???????????\???\???????t???E?9~u?9~\???\???????pFd?L????C@?\???\??????s????\??????s\????&2?A??s?&2??C@?x???`|?w\?????@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\C:\Programmi\CyberLink\PowerDVD\000.fcl"
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
.
**************************************************************************
.
Completion time: 2008-05-16 20:51:33 - machine was rebooted [Domenico]
ComboFix-quarantined-files.txt 2008-05-16 18:51:29

8 Dir(s) 105,466,175,488 bytes free
13 Dir(s) 105,349,238,784 bytes free

Paciotti
Junior User

Posts: 18
Joined: 01/05/08 13:57

Re: stupid viruses

Post by Luke57 » 17/05/08 08:35

Hi, copy this code:

Code:
file::
C:\Documents and Settings\Domenico\jnwfam.exe
C:\WINDOWS\system32\IJRMF.exe


paste it into a text file, save the file under the name CFScript.txt, then drag it with the mouse pointer onto the ComboFix icon to run a new scan.
Then post a new HijackThis log.
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10

Re: stupid viruses

Post by Paciotti » 18/05/08 13:25

hi luke57, this is my log after doing all the steps....
thanks for replying so quickly.....


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.20.09, on 18/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20696)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe
C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe
C:\Programmi\DAEMON Tools Lite\daemon.exe
C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE
C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Google\Google Updater\GoogleUpdater.exe
C:\Programmi\Windows Sidebar\sidebar.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
C:\Programmi\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\UPHClean\uphclean.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Nero\Lib\NMIndexStoreSvr.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIVTBTSrv.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: LEC - {1DBAB667-A486-421e-AFE4-CF07DD0088E5} - C:\Programmi\Power Translator\Applications\LEC IE Translation Extension.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Programmi\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [WireLessKeyboard] C:\Programmi\Nortek Keyboard Application\PS2USBKbdDrv.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] C:\Programmi\Creative\SBAudigy\PROGRAM\ADGJDet.exe
O4 - HKLM\..\Run: [CTStartup] C:\Programmi\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\Programmi\Maxtor\OneTouch\utils\Onetouch.exe
O4 - HKLM\..\Run: [mxomssmenu] "C:\Programmi\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [USBToolTip] "C:\Programmi\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [BtTray] "C:\Programmi\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [egui] "C:\Programmi\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Programmi\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [TaskTray] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTray.exe
O4 - HKCU\..\Run: [TaskBar] C:\Programmi\Creative\SBAudigy\TaskBar\CTLTask.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmi\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [LaunchList] C:\Programmi\Pinnacle\Studio 11\LaunchList2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Programmi\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [E08IXLRD_22203906] "C:\Programmi\Microsoft Encarta\Microsoft Encarta 2008 - Premium DVD\EDICT.EXE" -m
O4 - HKCU\..\Run: [Netlog 24] "C:\Programmi\Netlog 24\Notifier\Netlog24Notifier.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: Aggiungi all'elenco di stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
O8 - Extra context menu item: Anteprima Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Stampa ad alta velocità Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
O8 - Extra context menu item: Stampa Easy-WebPrint - res://C:\Programmi\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Barra di ricerca di Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Programmi\File comuni\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 4630495000
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 4630582468
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{AC3A9531-EB86-48D1-9B75-F6435AF79FF2}: NameServer = 85.37.17.46 85.38.28.84
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Indexing Service (CiSvc) - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Programmi\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LEC TranslateDotNet Server - Language Engineering Corporation, LLC - C:\Programmi\Power Translator\LogoMedia TranslateDotNet Server.exe
O23 - Service: MaxBackServiceInt - Unknown owner - C:\Programmi\Maxtor\Maxtor Backup\MaxBackServiceInt.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: MaxSyncService (NTService1) - - C:\Programmi\Maxtor\OneTouch\Utils\SyncServices.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\WINDOWS\system32\drivers\pclepci.sys
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

--
End of file - 15489 bytes
Paciotti
Junior User

Posts: 18
Joined: 01/05/08 13:57

Re: stupid viruses

Post by Luke57 » 18/05/08 14:25

Hi, open HijackThis, press "do a system scan only", find and tick the following entry:
O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe

press fix checked.

Then run these two commands, one after the other:
start>run>sc stop BOONTY (paste it into the box)>OK
start>run>sc delete BOONTY (paste it into the box)>OK

Then find and delete the following file:
C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe
Luke57
Moderator

Posts: 6415
Joined: 11/08/05 19:10
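The service-removal steps in the post above, as an added example that is not part of the thread and not code from ComboFix, HijackThis or the forum: a PowerShell script that reads the service key name out of the ComboFix `S3 name;display;path [date]` line and the HijackThis `O23` line shown in the logs, then stops and deletes the service with sc.exe, removes the binary, and verifies that both the registry key under `HKLM\SYSTEM\CurrentControlSet\Services` and the file are really gone. It assumes PowerShell 2.0 or later run as Administrator and sc.exe on the PATH; the service name is taken from the first field of the ComboFix line (`Boonty Games`, which is also what the O23 line shows, since HijackThis prints a separate `(name)` only when it differs from the display name), and a name containing a space has to be quoted when typed by hand for sc.exe. The two input lines are copied from the logs above; the function and parameter names are my own.

```powershell
# Added example (not from the forum thread). Assumes PowerShell 2.0+, an elevated
# session, and sc.exe on the PATH (present on Windows XP and later).

# Parse one ComboFix service line ("S3 name;display;path [date]") or one HijackThis
# O23 line ("O23 - Service: Display (name) - Company - Path") into its parts.
# The first ComboFix field is the service key name; HijackThis prints "(name)"
# only when it differs from the display name, otherwise both are the same string.
function ConvertFrom-ServiceLogLine {
    param([Parameter(Mandatory=$true)][string]$Line)

    if ($Line -match '^[RS]\d\s+([^;]+);([^;]*);(.+?)(\s+\[[^\]]*\])?\s*$') {
        return New-Object PSObject -Property @{
            Source = 'ComboFix'; Name = $Matches[1]; DisplayName = $Matches[2]
            Path = $Matches[3].Trim('"'); Missing = $false
        }
    }
    if ($Line -match '^O23 - Service:\s+(.+?)(?:\s+\(([^)]+)\))?\s+-\s+(.*?)\s*-\s+(.+?)(\s+\(file missing\))?\s*$') {
        $display = $Matches[1]
        $name = if ($Matches[2]) { $Matches[2] } else { $display }
        return New-Object PSObject -Property @{
            Source = 'HijackThis'; Name = $name; DisplayName = $display
            Path = $Matches[4].Trim('"'); Missing = [bool]$Matches[5]
        }
    }
    return $null
}

# Stop and delete a service by its key name, then delete the binary it pointed to.
# Returns $true only when neither the service key nor the file exists afterwards.
function Remove-LeftoverService {
    param(
        [Parameter(Mandatory=$true)][string]$Name,
        [string]$BinaryPath,
        [switch]$DryRun
    )
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$Name"
    if (-not (Test-Path -LiteralPath $key)) {
        Write-Host "No service key named '$Name' (check the exact name in the log line)"
        return $false
    }
    if ($DryRun) {
        Write-Host "Would run: sc.exe stop `"$Name`" ; sc.exe delete `"$Name`""
        if ($BinaryPath) { Write-Host "Would delete: $BinaryPath" }
        return $false
    }
    # PowerShell quotes $Name for sc.exe when it contains a space ("Boonty Games");
    # typed by hand at Start > Run the name must be quoted. 'stop' fails harmlessly
    # if the service is not running (S3 = start on demand).
    & sc.exe stop $Name | Out-Null
    & sc.exe delete $Name | Out-Null
    Start-Sleep -Seconds 2
    # 'sc delete' marks the key for deletion; if something still holds a handle to
    # the service (services.msc, a live process) the key disappears at the next reboot.
    $keyGone = -not (Test-Path -LiteralPath $key)
    if (-not $keyGone) { Write-Host "Service key still present: reboot, then re-run this check" }

    $fileGone = $true
    if ($BinaryPath -and (Test-Path -LiteralPath $BinaryPath)) {
        try { Remove-Item -LiteralPath $BinaryPath -Force -ErrorAction Stop }
        catch { Write-Host "Could not delete $BinaryPath ($($_.Exception.Message)); delete it after rebooting" }
        $fileGone = -not (Test-Path -LiteralPath $BinaryPath)
    }
    return ($keyGone -and $fileGone)
}

# Constructed input: the two lines from the logs above that describe the Boonty service.
$lines = @(
    'S3 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2008-05-07 22:18]',
    'O23 - Service: Boonty Games - BOONTY - C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe'
)
foreach ($l in $lines) {
    $svc = ConvertFrom-ServiceLogLine $l
    Write-Host ("{0}: key name '{1}', display '{2}', path {3}" -f $svc.Source, $svc.Name, $svc.DisplayName, $svc.Path)
}
$target = ConvertFrom-ServiceLogLine $lines[0]
# Drop -DryRun to actually stop and delete the service and remove the file.
Remove-LeftoverService -Name $target.Name -BinaryPath $target.Path -DryRun
```

Run it first with -DryRun to see the exact name and path it resolved, then without it; if the function reports the key still present or the file undeletable, reboot and run it again, and finish with a fresh HijackThis scan to confirm the O23 line is gone.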

