
View full version: Virus + log


brusco78
07-02-2010, 14.18.32
Hello everyone, and thanks in advance for the help you can give me.
A few days ago Avast detected a virus/spyware, and now Avast windows keep opening with alert messages about files like "abcdefg.exe" (a b c d e f g = random numbers, for example 452975.exe) located in system32.
How can I get rid of my problem?

THANKS A LOT

This is the result of the HijackThis log:

Kurtferro
07-02-2010, 20.57.50
use combofix and then malwarebytes, disable avast in the meantime

brusco78
08-02-2010, 15.47.24
I'll try and report back, thanks!

brusco78
08-02-2010, 15.49.42
actually, I CAN'T DO IT... now I have a new problem: once I get to the desktop, the mouse is permanently in hourglass mode and I can't do anything... not even shut it down, I can only press the button on the case and switch it off abruptly... should I switch to safe mode?

FDACCC
08-02-2010, 17.50.38
yes!

patty70
24-04-2010, 08.41.09
I ran ComboFix and got the attached log. Could you tell me whether I need to take any action?
Thanks

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

e:\documents and settings\Patrizia\Dati applicazioni\inst.exe
e:\programmi\Search Settings
e:\programmi\Search Settings\kb128\SeARchsettings.dll
e:\programmi\Search Settings\kb128\SearchSettingsRes409.dll
e:\programmi\Search Settings\SearchSettings.exe

.
((((((((((((((((((((((((( Files Creati Da 2010-03-24 al 2010-04-24 )))))))))))))))))))))))))))))))))))
.

2010-04-24 09:07 . 2010-04-24 09:07 -------- d-----w- e:\programmi\File comuni\SWF Studio
2010-04-24 09:07 . 2010-04-24 09:07 -------- d-----w- e:\programmi\Riva
2010-04-23 19:23 . 2010-04-23 19:23 47360 ----a-w- e:\windows\system32\drivers\pcouffin.sys
2010-04-23 19:23 . 2010-04-23 19:23 47360 ----a-w- e:\documents and settings\Patrizia\Dati applicazioni\pcouffin.sys
2010-04-23 19:23 . 2010-04-23 19:23 -------- d-----w- e:\documents and settings\Patrizia\Dati applicazioni\Vso
2010-04-23 19:23 . 2010-04-23 19:23 -------- d-----w- e:\programmi\DVDFab 7
2010-04-22 08:00 . 2010-02-12 10:03 293376 ------w- e:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-24 09:21 . 2009-10-03 10:39 -------- d-----w- e:\programmi\Yahoo!
2010-04-24 08:58 . 2009-10-02 17:35 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2010-04-24 08:46 . 2009-10-02 18:05 -------- d-----w- e:\documents and settings\Patrizia\Dati applicazioni\FileZilla
2010-04-24 08:31 . 2009-10-02 17:05 24944 ----a-w- e:\windows\system32\drivers\GVTDrv.sys
2010-04-24 08:30 . 2009-10-02 16:24 16608 ----a-w- e:\windows\gdrv.sys
2010-04-23 19:12 . 2009-12-05 10:51 -------- d-----w- e:\documents and settings\All Users\Dati applicazioni\DVD Shrink
2010-03-28 15:41 . 2001-08-31 15:00 84242 ----a-w- e:\windows\system32\perfc010.dat
2010-03-28 15:41 . 2001-08-31 15:00 488954 ----a-w- e:\windows\system32\perfh010.dat
2010-03-19 17:05 . 2009-12-06 15:08 -------- d-----w- e:\programmi\Free Video Converter
2010-03-13 12:49 . 2009-10-02 18:05 -------- d-----w- e:\programmi\FileZilla FTP Client
2010-03-10 06:15 . 2004-08-19 13:39 420352 ----a-w- e:\windows\system32\vbscript.dll
2010-02-25 06:16 . 2004-08-19 13:39 916480 ----a-w- e:\windows\system32\wininet.dll
2010-02-24 13:11 . 2004-08-03 21:15 455680 ----a-w- e:\windows\system32\drivers\mrxsmb.sys
2010-02-16 19:05 . 2004-08-19 13:34 2149888 ----a-w- e:\windows\system32\ntoskrnl.exe
2010-02-16 19:05 . 2004-08-19 15:34 2028032 ----a-w- e:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33 . 2004-08-19 13:39 100864 ----a-w- e:\windows\system32\6to4svc.dll
2010-02-11 12:02 . 2004-08-03 21:07 226880 ----a-w- e:\windows\system32\drivers\tcpip6.sys
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="e:\programmi\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"Acrobat Assistant 7.0"="e:\programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"AVG8_TRAY"="e:\progra~1\AVG\AVG8\avgtray.exe" [2010-03-19 2046816]
"VX1000"="e:\windows\vVX1000.exe" [2006-12-05 707360]
"LifeCam"="e:\programmi\Microsoft LifeCam\LifeExp.exe" [2007-01-13 275800]
"RTHDCPL"="RTHDCPL.EXE" [2009-09-22 18749440]
"NeroFilterCheck"="e:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"ANIWZCS2Service"="e:\programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"D-Link D-Link Wireless N DWA-140"="e:\programmi\D-Link\D-Link Wireless N DWA-140\AirNCFG.exe" [2008-04-15 1675264]

e:\documents and settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Acrobat.lnk - e:\windows\Installer\{AC76BA86-1034-4700-7760-100000000002}\SC_Acrobat.exe [2009-10-2 25214]
HP Digital Imaging Monitor.lnk.disabled [2009-10-2 1788]
InterVideo WinCinema Manager.lnk - e:\programmi\InterVideo\Common\Bin\WinCinemaMgr.exe [2009-10-2 106496]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-10-03 07:34 11952 ----a-w- e:\windows\system32\avgrsstx.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"MSMSGS"="e:\programmi\Messenger\msmsgs.exe" /background
"Messenger (Yahoo!)"="e:\programmi\Yahoo!\Messenger\YahooMessenger.exe" -quiet
"NBCore"="e:\programmi\File comuni\Nero\Nero BackItUp 4\NBCore.exe"
"CTFMON.EXE"=e:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"="e:\programmi\HP\HP Software Update\HPWuSchd.exe"
"StartCCC"="e:\programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SearchSettings"=e:\programmi\Search Settings\SearchSettings.exe
"<NO NAME>"=
"HP Component Manager"="e:\programmi\HP\hpcoretech\hpcmpmgr.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgupd.exe"=
"e:\\Programmi\\AVG\\AVG8\\avgnsx.exe"=
"e:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"e:\\Programmi\\Microsoft LifeCam\\LifeCam.exe"=
"e:\\Programmi\\Microsoft LifeCam\\LifeExp.exe"=
"e:\\Programmi\\eMule\\emule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"e:\programmi\Microsoft ActiveSync\rapimgr.exe"= e:\programmi\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"e:\programmi\Microsoft ActiveSync\wcescomm.exe"= e:\programmi\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"e:\programmi\Microsoft ActiveSync\WCESMgr.exe"= e:\programmi\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46146:TCP"= 46146:TCP:127.0.0.1
"33075:UDP"= 33075:UDP:127.0.0.1
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [02/10/2009 19.14.25 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;e:\windows\system32\drivers\avgtdix.sys [02/10/2009 19.14.27 108552]
R2 avg8wd;AVG Free8 WatchDog;e:\progra~1\AVG\AVG8\avgwdsvc.exe [02/10/2009 19.14.19 297752]
R2 GEST Service;GEST Service for program management.;e:\programmi\GIGABYTE\EnergySaver\GSvr.exe [02/10/2009 18.26.12 80392]
S3 Ambfilt;Ambfilt;e:\windows\system32\drivers\Ambfilt.sys [05/10/2009 20.31.02 1684736]
S3 MarkFun_NT;MarkFun_NT;e:\programmi\GIGABYTE\DMI_View\markfun.w32 [02/10/2009 18.30.19 19776]
SUnknown GVTDrv;GVTDrv; [x]

--- Altri Servizi/Drivers In Memoria ---

*NewlyCreated* - APPMGMT
.
Contenuto della cartella 'Scheduled Tasks'

2009-10-04 e:\windows\Tasks\Driver Robot.job
- e:\programmi\Driver Robot\1.1.0.4\DriverRobot.exe [2009-10-04 07:09]

2009-10-06 e:\windows\Tasks\Microsoft_Hardware_Launch_vVX1000_exe.job
- e:\windows\vVX1000.exe [2009-10-06 23:38]

2010-04-24 e:\windows\Tasks\User_Feed_Synchronization-{BA12A0D6-6B96-48EF-8F90-733548D3F975}.job
- e:\windows\system32\msfeedssync.exe [2009-03-08 02:31]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
IE: Converti destinazione link in Adobe PDF - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti destinazione link in file PDF esistente - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti i link selezionati in Adobe PDF - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Converti i link selezionati in file PDF esistente - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Converti in Adobe PDF - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti nel file PDF esistente - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Converti selezione in Adobe PDF - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Converti selezione in file PDF esistente - e:\programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&sporta in Microsoft Excel - e:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

BHO-{01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - (no file)
HKLM-Run-DXDllRegExe - dxdllreg.exe



************************************************************************
scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti:

************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MarkFun_NT]
"ImagePath"="\??\e:\programmi\Gigabyte\DMI_View\markfun.w32"
.
--------------------- CHIAVI DI REGISTRO BLOCCATE ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ÉĽÇ|    "ĽÇ|■╗Đw*]
"0140110900063D11C8EF10054038389C"="E?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- Dlls caricate dai processi in esecuzione ---------------------

- - - - - - - > 'winlogon.exe'(916)
e:\windows\system32\Ati2evxx.dll
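A first triage pass over a log of this kind can be automated. The Python script below is an added example, not code from the thread or from ComboFix: it walks a ComboFix-style log section by section and flags the entries that usually deserve a second look (items ComboFix removed, autorun entries pointing at numeric-named executables or at a user profile directory, a disabled Windows Firewall, globally open ports and their scope, and services whose binary is missing or unknown). The embedded sample log is constructed from lines of the log posted above; the `svchelper` autorun entry is invented to mirror the numeric-named executables described in the first post and is not in the original log. Section names are matched on the Italian ComboFix headers used in this thread.

```python
"""Triage helper for ComboFix-style logs: pull out the entries that usually
deserve a second look. Added example; not ComboFix's own code."""
import re

# Constructed sample, modelled on lines of the log posted in the thread. The
# "svchelper" autorun entry is invented to mirror the symptom in the first post.
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((( Altre eliminazioni ))))))))))))))))))))))))))))))))))))))))))))))))))
.
e:\documents and settings\Patrizia\Dati applicazioni\inst.exe
e:\programmi\Search Settings\SearchSettings.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EasyTuneVI"="e:\programmi\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"svchelper"="e:\windows\system32\452975.exe" [2010-02-07 40960]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"46146:TCP"= 46146:TCP:127.0.0.1
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 AvgLdx86;AVG Free AVI Loader Driver x86;e:\windows\system32\drivers\avgldx86.sys [02/10/2009 19.14.25 335240]
SUnknown GVTDrv;GVTDrv; [x]
"""

SECTION_RE = re.compile(r'^\(+\s*(.+?)\s*\)+[\s)]*$')          # ((( Section name )))
KEY_RE = re.compile(r'^\[(.+)\]$')                                # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')  # "Name"="data" [...]
SERVICE_RE = re.compile(r'^(?:R\d|S\d|SUnknown)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<rest>.*)$')
NUMERIC_EXE_RE = re.compile(r'\\\d+\.exe$', re.IGNORECASE)        # ...\452975.exe


def _path_of(data):
    """Return the executable path from a REGEDIT4 value, dropping the quotes
    and the trailing '[date size]' annotation ComboFix appends."""
    data = data.strip()
    if data.startswith('"'):
        return data[1:].split('"', 1)[0]
    return data.split(' [', 1)[0]


def triage(log_text):
    """Return a list of (severity, detail) tuples, one per noteworthy entry."""
    findings = []
    section, key = '', ''
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == '.' or line == 'REGEDIT4':
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1).lower(), ''
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if 'eliminazioni' in section and not key:   # "Altre eliminazioni": what ComboFix removed
            findings.append(('info', 'removed by ComboFix: ' + line))
            continue
        m = SERVICE_RE.match(line)
        if m:
            if line.startswith('SUnknown') or '[x]' in m.group('rest'):
                findings.append(('medium', 'service/driver with missing or unknown binary: ' + m.group('name')))
            continue
        m = VALUE_RE.match(line)
        if not (m and key):
            continue
        name, data = m.group('name'), m.group('data')
        if re.search(r'\\run-?$', key):              # autorun entries (Run and disabled Run-)
            path = _path_of(data)
            if NUMERIC_EXE_RE.search(path):
                findings.append(('high', 'autorun of a numeric-named executable: ' + path))
            elif 'documents and settings' in path.lower():
                findings.append(('medium', 'autorun from a user profile directory: ' + path))
        elif name.lower() == 'enablefirewall' and data.strip().startswith('0'):
            findings.append(('high', 'Windows Firewall disabled in ' + key))
        elif key.endswith('globallyopenports\\list'):
            parts = data.strip().split(':')          # port:proto[:scope:...]
            if len(parts) < 2:
                continue
            scope = parts[2] if len(parts) > 2 else '*'
            severity = 'low' if scope == '127.0.0.1' else 'medium'
            findings.append((severity, f'globally open port {parts[0]}/{parts[1]} (scope {scope})'))
    return findings


if __name__ == '__main__':
    for severity, detail in triage(SAMPLE_LOG):
        print(f'[{severity:6}] {detail}')
```

The output is meant to direct attention, not to replace reading the log: a loopback-scoped open port is rated low, a port open to a subnet medium, while a disabled firewall or an autorun of a numeric-named executable is rated high because that is exactly the pattern the first post describes.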