minore di capitale

Magazine
Go Back   Computer Juice > Computer Software > Virus, Spyware e sicurezza
Reload this Page

Smitfraud Virus

Registrati Sito Spy Elenco membri Donazione Ricerca Today's Posts Mark Forums Read Regole Forum

Register


 Default 

Smitfraud Virus




Reply
Pagina 1 di 2 1 2
 
Thread Tools
  #1  
Old 5 febbraio 2008, 12:35
Nuovo Membro Gruppo
  
Default Smitfraud Virus

Ciao
Sono nuovo al consiglio di amministrazione e vorrei contribuire a rimuovere un virus che posso pensare che sia Smitfraud e che ha dirottato il mio browser. Ho eseguito AVG e AdAware ma non aiuta. Il sistema operativo è XP è qui il log. Grazie in anticipo per il vostro aiuto.


File di log di HijackThis v1.99.1
Scan saved at 19:35:19, il 05/02/2008
Piattaforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe
C: \ Program Files \ PowerISO \ PWRISOVM.EXE
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ Program Files \ Dell Support \ DSAgnt.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ HJT \ HijackThis.exe
O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll
O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" / s
O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe" / icon
O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Program Files \ PowerISO \ PWRISOVM.EXE
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizzate
O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Program Files \ Dell Support \ DSAgnt.exe" / startup
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra contesto voce di menu: & Windows Live Search - res: / / C: \ Program Files \ Windows Live Toolbar \ msntb.dll / search.htm
O8 - Extra contesto voce di menu: Aggiungi a Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra pulsante: (no name) - (CD67F990-D8E9-11d2-98FE-00C0F0318AFE) - (no file)
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti)
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti)
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø11 - Opzioni di gruppo: [INTERNATIONAL] International *
Ø16 - DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl Class) -- http://catalog.update.microsoft.com/...?1199470957562
Ø16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.37 212.139.132.36
Ø18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
Ø18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxdev.dll
Ø20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe
O23 - Service: Intel NCS netservice (NETSVC) - Intel (R) Corporation - C: \ Program Files \ Intel \ PROSetWired \ NCS \ Sync \ NetSvc.exe
O23 - Service: Securom User Access Service (V7) (UserAccess7) - Sconosciuto proprietario - C: \ WINDOWS \ system32 \ UAService7.exe
  #2  
Old 5 febbraio 2008, 13:04
Moderatore del Gruppo
  
Default Smitfraud Virus

Benvenuti a CJ.

Il log non mostra alcun malware, ma possiamo dare un'occhiata più da vicino.

Scaricare Malwarebytes' Anti-Malware sul desktop.
  • Fare doppio clic su mbam-setup.exe e seguire le istruzioni per installare il programma.
  • Alla fine, essere sicuro è posto un segno di spunta accanto a Aggiorna Malwarebytes' Anti-Malware e Lancio Malwarebytes' Anti-Malware, Quindi fare clic su Fine.
  • Se viene trovato un aggiornamento, si scarica e installa l'ultima versione.
  • Una volta che il programma ha caricato, selezionare Eseguire la scansione completa, Quindi fare clic su Scan.
  • Quando la scansione è completata, fare clic OK, Quindi Mostra i risultati per visualizzare i risultati.
  • Essere sicuri che tutto è controllato, e fare clic su Rimuovi selezionati.
  • Una volta completato, sarà aperto un registro nel Blocco note.
  • Post che l'accesso qui.
Assicurarsi di riavviare il computer.

Il registro può anche essere trovato qui:
C: \ Documents and Settings \Nome utente\ Dati applicazioni \ Malwarebytes \ Malwarebytes' Anti-Malware \ Logs \log -data. txt
O in C: \ Program Files \ Malwarebytes' Anti-Malware \ Logs \log -data. txt

Next post aggiungi
MalwareBytes Accedi
__________________
  #3  
Old 5 febbraio 2008, 13:51
Nuovo Membro Gruppo
  
Default Smitfraud Virus

Hi EF,

Grazie per la risposta veloce. Qui di seguito è il mio log di malware:

Malwarebytes' Anti-Malware 1,02
Versione del database: 320
Tipo di scansione: Scansione completa (A: \ | C: \ |)
Scansione di oggetti: 73.752
Tempo trascorso: 23 minute (s), 14 secondi (s)
Processi di memoria infetti: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori del registro infetti: 0
I dati del Registro di oggetti infetti: 0
Cartelle infette: 0
File infetti: 3
Processi di memoria infetti:
(N. oggetti dannosi individuati)
Moduli di memoria infetti:
(N. oggetti dannosi individuati)
Chiavi di registro infette:
(N. oggetti dannosi individuati)
Valori del registro infetti:
(N. oggetti dannosi individuati)
I dati del Registro di oggetti infetti:
(N. oggetti dannosi individuati)
Cartelle infette:
(N. oggetti dannosi individuati)
I file infetti:
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk (Malware.Trace) -> Impossibile eliminare. (Elimina al riavvio).
C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ ezpinst.exe (Heuristics.Malware) -> No action taken.
C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ inst.exe (Heuristics.Malware) -> No action taken.
  #4  
Old 5 febbraio 2008, 14:01
Moderatore del Gruppo
  
Default Smitfraud Virus

Guarda bene finora.

Vai alla prossima questo post e fare Fase Due e Fase Tre - CCleaner e SUPERAntiSpyware.

Inserisci il SUPERAntiSpyware log insieme ad un nuovo log Hijackthis nel prossimo post.
__________________
  #5  
Old 5 febbraio 2008, 14:44
Nuovo Membro Gruppo
  
Default Smitfraud Virus

SUPERAntiSpyware Scan Entra
http://www.superantispyware.com
Generated 02/05/2008 at 09:34
Applicazione Versione: 3/9/1008
Core Rules Database Version: 3395
Trace Rules Database Version: 1387
Tipo di scansione: Scansione completa
Total Scan Time: 00:22:21
Memoria oggetti scansionati: 376
Memoria minacce rilevate: 0
Registro di oggetti scanditi: 5837
Registro di minacce rilevate: 0
File oggetti scansionati: 11.505
File minacce rilevate: 5
Adware.Tracking Cookie
C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn@ads.techguy [2]. Txt
C: \ Documents and Settings \ Ryan Glenn \ Cookies \ ryan_glenn @ revsci [2]. Txt
C: \ Documents and Settings \ Chiara Glenn \ Cookies \ clare_glenn @ PacificPoker [1]. Txt
C: \ Documents and Settings \ Chiara Glenn \ Cookies \ clare_glenn@videoegg.adbureau [2]. Txt
RootKit.TnCore / Trace
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk


File di log di HijackThis v1.99.1
Scan saved at 21:43:56, il 05/02/2008
Piattaforma: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Processi in esecuzione:
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ cisvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe
C: \ Program Files \ PowerISO \ PWRISOVM.EXE
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ Program Files \ Dell Support \ DSAgnt.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ WINDOWS \ explorer.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ Program Files \ HijackThis \ HijackThis.exe
R0 - HKCU \ Software \ Microsoft \ Internet Explorer \ Main, Start Page = http://www.google.co.uk/
O3 - Toolbar: Windows Live Toolbar - (BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0) - C: \ Program Files \ Windows Live Toolbar \ msntb.dll
O4 - HKLM \ .. \ Run: [Persistence] C: \ WINDOWS \ system32 \ igfxpers.exe
O4 - HKLM \ .. \ Run: [ISUSScheduler] "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe"-start
O4 - HKLM \ .. \ Run: [IgfxTray] C: \ WINDOWS \ system32 \ igfxtray.exe
O4 - HKLM \ .. \ Run: [HotKeysCmds] C: \ WINDOWS \ system32 \ hkcmd.exe
O4 - HKLM \ .. \ Run: [LXCECATS] rundll32 C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X86 \ 3 \ LXCEtim e.dll, _RunDLLEntry @ 16
O4 - HKLM \ .. \ Run: [lxcemon.exe] "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe"
O4 - HKLM \ .. \ Run: [EzPrint] "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe"
O4 - HKLM \ .. \ Run: [FaxCenterServer] "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" / s
O4 - HKLM \ .. \ Run: [SpeedTouch USB Diagnostics] "C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe" / icon
O4 - HKLM \ .. \ Run: [PWRISOVM.EXE] C: \ Program Files \ PowerISO \ PWRISOVM.EXE
O4 - HKLM \ .. \ Run: [NeroFilterCheck] C: \ WINDOWS \ system32 \ NeroCheck.exe
O4 - HKLM \ .. \ Run: [SunJavaUpdateSched] "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe"
O4 - HKLM \ .. \ Run: [AVG7_CC] C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe / STARTUP
O4 - HKLM \ .. \ Run: [! AVG Anti-Spyware] "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" / minimizzate
O4 - HKCU \ .. \ Run: [DellSupport] "C: \ Program Files \ Dell Support \ DSAgnt.exe" / startup
O4 - HKCU \ .. \ Run: [msnmsgr] "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" / background
O4 - HKCU \ .. \ Run: [updateMgr] C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU \ .. \ Run: [SUPERAntiSpyware] C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
O4 - HKCU \ .. \ Run: [ctfmon.exe] C: \ WINDOWS \ system32 \ ctfmon.exe
O4 - HKCU \ .. \ Run: [Uniblue RegistryBooster 2] C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe / S
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE
O8 - Extra contesto voce di menu: & Windows Live Search - res: / / C: \ Program Files \ Windows Live Toolbar \ msntb.dll / search.htm
O8 - Extra contesto voce di menu: Aggiungi a Windows & Live Favorites -- http://favorites.live.com/quickadd.aspx
O8 - Extra contesto voce di menu: E & sporta in Microsoft Excel - res: / / C: \ PROGRA ~ 1 \ micros ~ 2 \ Office10 \ EXCEL.EXE/3000
O9 - Extra pulsante: (no name) - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - (08B0E5C0-4FCB-11CF-AAA5-00401C608501) - C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ ssv.dll
O9 - Extra pulsante: (no name) - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti)
O9 - Extra 'Tools' menuitem: @ xpsp3res.dll, -20001 - (e2e2dd38-d088-4134-82b7-f2ba38496583) -% windir% \ Network Diagnostic \ xpnetdiag.exe (file mancanti)
O9 - Extra pulsante: Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - (FB5F1910-F110-11d2-BB9E-00C04F795683) - C: \ Program Files \ Messenger \ msmsgs.exe
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø10 - Unknown file in Winsock LSP: c: \ windows \ system32 \ avgfwafu.dll
Ø11 - Opzioni di gruppo: [INTERNATIONAL] International *
Ø16 - DPF: (5AE58FCF-6F6A-49B2-B064-02492C66E3F4) (MUCatalogWebControl Class) -- http://catalog.update.microsoft.com/...?1199470957562
Ø16 - DPF: (E8F628B5-259A-4734-97EE-BA914D7BE941) (Driver Agent ActiveX Control) -- http://driveragent.com/files/driveragent.cab
O17 - HKLM \ System \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37
Ø18 - Protocol: livecall - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
Ø18 - Protocol: msnim - (828030A1-22C1-4009-854F-8E305202313F) - C: \ PROGRA ~ 1 \ MSNMES ~ 1 \ MSGRAP ~ 1.DLL
Ø20 - Winlogon Notify:! SASWinLogon - C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
Ø20 - Winlogon Notify: igfxcui - C: \ WINDOWS \ SYSTEM32 \ igfxdev.dll
Ø20 - Winlogon Notify: WgaLogon - C: \ WINDOWS \ SYSTEM32 \ WgaLogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT sro - C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, sro - C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
O23 - Service: lxce_device - - C: \ WINDOWS \ system32 \ lxcecoms.exe
O23 - Service: Intel NCS netservice (NETSVC) - Intel (R) Corporation - C: \ Program Files \ Intel \ PROSetWired \ NCS \ Sync \ NetSvc.exe
O23 - Service: Securom User Access Service (V7) (UserAccess7) - Sconosciuto proprietario - C: \ WINDOWS \ system32 \ UAService7.exe
  #6  
Old 5 febbraio 2008, 14:54
Moderatore del Gruppo
  
Default Smitfraud Virus

Il registro guarda bene ora, è il computer continua a dare indicazioni di malware?
__________________
  #7  
Old 5 febbraio 2008, 15:02
Nuovo Membro Gruppo
  
Default Smitfraud Virus

Sì, che mostra ancora segni di .. Malware unfortunatley
  #8  
Old 5 febbraio 2008, 15:12
Moderatore del Gruppo
  
Default Smitfraud Virus

Scaricare SmitfraudFix (da S! Ri) sul desktop.
  • Estrai tutti i file al tuo Destop.
  • Una cartella denominata SmitfraudFix verrà creata sul vostro desktop.
  • Apri la cartella SmitfraudFix e fare doppio clic su smitfraudfix.cmd
  • Seleziona l'opzione # 1 - Ricerca per la tipizzazione 1 e premere Inserisci
    • Questo programma effettua la scansione di grandi quantità di file sul vostro computer per conoscere i modelli quindi ti preghiamo di pazientare mentre si lavora.
    • Quando è fatto, i risultati della scansione verrà visualizzata e si creerà un registro denominato rapport.txt
      • Questo è nella root del vostro disco, per esempio: Disco locale C: o partizione in cui il tuo sistema operativo è installato.
    • Si prega di allegare che accedi al tuo prossimo risposta.
  • Nota: process.exe (Che è usato da SmitFraudFIx) viene rilevato da alcuni programmi antivirus (AntiVir, Dr.Web, Kaspersky) come un "RiskTool"; non è un virus, Ma un programma che serve per fermare i processi di sistema. I programmi antivirus non può distinguere tra "buoni" e "maligni" l'uso di questi programmi, pertanto, essi possono avvertire l'utente.
----------

Si prega di scaricare da SUBS Combofix da uno dei link qui sotto.
(Prova a tutti e tre, se necessario)Importante! Combofix.exe VA essere salvati e corse dalla Desktop.
  • Chiudere tutti i browser Web aperto. (Firefox, Internet Explorer, etc) prima di iniziare Combofix.
  • Importante! Temporaneamente disattivare tuo antivirus, script di blocco e di qualsiasi antispyware protezione in tempo reale prima eseguire una scansione.
    • Fare clic sul pulsante questo link per visualizzare un elenco di programmi di sicurezza che dovrebbero essere disattivati e come disattivarli.
    • Se la vostra non è elencato e non sapete come disabilitare questa funzione, ti chiedo.
  • Attenzione: Combofix il computer si disconnette da Internet. La connessione viene ripristinata automaticamente prima Combofix completa la sua corsa.
  • Fare doppio clic su combofix.exe e segui le istruzioni.
    • Da tastiera selezionare 1 e premere Inserisci
  • Una volta terminato, si produrrà un log per voi.
  • Post che accedi al tuo prossimo risposta.
Attenzione: Non clic combofix della finestra, mentre è in esecuzione. Che potrebbero indurlo a stallo
  • Se Combofix corre in difficoltà e termina prematuramente, la connessione può essere ripristinato manualmente riavviando il computer.
  • Importante: Ricorda di riattivare l'antivirus e antispyware prima di ricollegare a Internet.
----------

Next post
Accedi Smitfraudfix
Combofix log
__________________
  #9  
Old 5. Feb 2008, 15:43
Nuovo Membro Gruppo
  
Default Smitfraud Virus

SmitFraudFix v2.281
Scan done at 22:40:52.84, 05/02/2008
Eseguito da C: \ Documents and Settings \ Ryan Glenn \ Desktop \ SmitfraudFix
Sistema operativo: Microsoft Windows XP [Versione 5/1/2600] - Windows_NT
Il tipo di filesystem è NTFS
Fix eseguire in modalità normale
»»»»»»»»»»»»»»»»»»»»»»»» Process
C: \ WINDOWS \ System32 \ smss.exe
C: \ WINDOWS \ system32 \ winlogon.exe
C: \ WINDOWS \ system32 \ services.exe
C: \ WINDOWS \ system32 \ lsass.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ System32 \ svchost.exe
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ WINDOWS \ system32 \ spoolsv.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ svchost.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ Explorer.EXE
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ WINDOWS \ system32 \ igfxpers.exe
C: \ WINDOWS \ system32 \ hkcmd.exe
C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe
C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe
C: \ Program Files \ PowerISO \ PWRISOVM.EXE
C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe
C: \ Program Files \ Dell Support \ DSAgnt.exe
C: \ Program Files \ MSN Messenger \ msnmsgr.exe
C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe
C: \ WINDOWS \ system32 \ ctfmon.exe
C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe
C: \ WINDOWS \ system32 \ Wuauclt.exe
C: \ WINDOWS \ system32 \ notepad.exe
C: \ Program Files \ Internet Explorer \ iexplore.exe
C: \ WINDOWS \ system32 \ cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» Hosts

»»»»»»»»»»»»»»»»»»»»»»»» C: \

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ Web

»»»»»»»»»»»»»»»»»»»»»»»» C: \ WINDOWS \ system32

»»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn

»»»»»»»»»»»»»»»»»»»»»»»» C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ prefer ~ 1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C: \ Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted chiavi

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
! Attenzione, a seguito di tasti non sono necessariamente infetti!
IEDFix.exe da S! Ri

»»»»»»»»»»»»»»»»»»»»»»»» VACFix
! Attenzione, a seguito di tasti non sono necessariamente infetti!
VACFix
Credits: Malware Analysis & Diagnostic
Codice: S! Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
! Attenzione, a seguito di tasti non sono necessariamente infetti!
SrchSTS.exe da S! Ri
Search SharedTaskScheduler's. Dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
! Attenzione, a seguito di tasti non sono necessariamente infetti!
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Windows]
"AppInit_DLLs" = ""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
! Attenzione, a seguito di tasti non sono necessariamente infetti!
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon]
"System" = ""

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS
Descrizione: WAN (PPP / SLIP) Interface
DNS Server Search Order: 212.139.132.8
DNS Server Search Order: 212.139.132.9
HKLM \ SYSTEM \ CCS \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9
HKLM \ SYSTEM \ CS1 \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.8 212.139.132.9
HKLM \ SYSTEM \ CS3 \ Services \ Tcpip \ .. \ (EB470484-F000-4F17-BAA7-0420975981FF): NameServer = 212.139.132.36 212.139.132.37

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll per infezione

»»»»»»»»»»»»»»»»»»»»»»»» End




ComboFix 08-02.05.3 - Ryan Glenn 2008-02-05 22:31:47.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.145 [GMT 0:00]
Eseguito da: C: \ Documents and Settings \ Ryan Glenn \ Desktop \ ComboFix.exe
AVVERTENZA-Questa macchina NON HANNO IL RECUPERO CONSOLE INSTALLED!
.
Altri ((((((((((((((((((((((((((((((((((((((( Deletions ))))))))) ))))))))))))))))))))))))))))))))))))))))
.
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk
C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys
C: \ Documents and Settings \ All Users \ Dati applicazioni \ Microsoft \ Network \ Downloader \ qmgr0.dat
C: \ Documents and Settings \ All Users \ Dati applicazioni \ Microsoft \ Network \ Downloader \ qmgr1.dat
C: \ temp \ tn3
C: \ WINDOWS \ system32 \ drivers \ core.cache.dsk
C: \ WINDOWS \ system32 \ drivers \ rmcastt.sys
C: \ WINDOWS \ system32 \ install.exe
----- BITS: Possibile siti infetti -----
hxxp: / / www.download.windowsupdate.com
.
((((((((((((((((((((((((((((((((((((((( Driver / Servizi )))))))) )))))))))))))))))))))))))))))))))))))))))
.
------- \ LEGACY_RMCASTT
------- \ rmcastt

((((((((((((((((((((((((( Files Creati dal 2008/01/05 al 2008/02/05 ))))))))))) ))))))))))))))))))))
.
2008-02-05 22:22. 2008-02-05 22:23 <DIR> d -------- C: \ ComboFix [1]
2008-02-05 21:02. 2004/08/04 05:00 388608 - a ------ C: \ kmd.exe
2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Program Files \ Malwarebytes 'Anti-Malware
2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ Malwarebytes
2008-02-05 20:11. 2008-02-05 20:11 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Malwarebytes
2008-02-05 19:05. 2008-02-05 19:05 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ Uniblue
2008-02-05 18:50. 2008-02-05 18:50 444 - a ------ C: \ WINDOWS \ system32 \ d3d8caps.dat
2008-02-05 18:21. 2008-02-05 18:21 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ Grisoft
2008-02-05 18:00. 2008-02-05 18:00 <DIR> d -------- C: \ Programmi \ RogueRemover FREE
2008-02-05 17:57. 2007/09/05 23:22 289144 - a ------ C: \ WINDOWS \ system32 \ VCCLSID.exe
2008-02-05 17:57. 2006/04/27 16:49 288417 - a ------ C: \ WINDOWS \ system32 \ SrchSTS.exe
2008-02-05 17:57. 2008/02/05 00:23 85504 - a ------ C: \ WINDOWS \ system32 \ VACFix.exe
2008-02-05 17:57. 2008/01/27 14:37 81920 - a ------ C: \ WINDOWS \ system32 \ IEDFix.exe
2008-02-05 17:57. 2003/06/05 20:13 53248 - a ------ C: \ WINDOWS \ system32 \ process.exe
2008-02-05 17:57. 2004/07/31 17:50 51200 - a ------ C: \ WINDOWS \ system32 \ dumphive.exe
2008-02-05 17:57. 2007/10/03 23:36 25600 - a ------ C: \ WINDOWS \ system32 \ WS2Fix.exe
2008-02-04 19:47. 2008-02-04 19:47 <DIR> d -------- C: \ WINDOWS \ MaxSecureBackup
2008-02-04 19:46. 2008-02-04 19:57 <DIR> d -------- C: \ Program Files \ Max Registry Cleaner
2008-02-04 19:46. 2007/05/24 16:57 143360 - a ------ C: \ WINDOWS \ system32 \ GetHardDiskNo.dll
2008-02-04 19:46. 2008-02-04 19:46 63 - a ------ C: \ WINDOWS \ system \ SYSRegC.dll
2008-02-02 13:49. 2008-02-02 13:49 <DIR> d -------- C: \ Program Files \ Panicware
2008-02-01 20:22. 2008-02-05 22:17 3.352 - a ------ C: \ WINDOWS \ system32 \ tmp.reg
2008-02-01 19:32. 2008-02-01 19:32 <DIR> d -------- C: \ Documents and Settings \ Administrator \ Dati applicazioni \ SUPERAntiSpyware.com
2008-02-01 18:42. 2008-02-05 19:56 <DIR> d -------- C: \ Program Files \ HJT
2008-02-01 18:39. 2008-02-01 18:39 <DIR> d -------- C: \ Program Files \ FileASSASSIN
2008-02-01 18:31. 2008-02-01 18:31 100 - a ------ C: \ WINDOWS \ system32 \ ikhcore.cfg
2008-02-01 18:21. 2005/09/23 07:29 626688 - a ------ C: \ WINDOWS \ system32 \ msvcr80.dll
2008-01-31 20:28. 2008-01-31 20:28 <DIR> d -------- C: \ VundoFix Backups
2008-01-31 19:34. 2008-02-05 22:26 <DIR> d -------- C: \ Program Files \ SUPERAntiSpyware
2008-01-31 19:34. 2008-02-02 00:55 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ SUPERAntiSpyware.com
2008-01-31 19:34. 2008-01-31 19:34 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ SUPERAntiSpyware.com
2008-01-29 22:28. 2008-01-29 22:28 <DIR> d -------- C: \ Programmi \ File comuni \ Download Manager
2008-01-29 22:08. 2008-02-01 18:49 <DIR> da ------ C: \ Documents and Settings \ All Users \ Dati applicazioni \ TEMP
2008-01-29 21:15. 2008-02-03 17:03 <DIR> d -------- C: \ Program Files \ SpywareBlaster
2008-01-23 18:08. 2008-01-23 18:08 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ SuperAdBlocker.com
2008-01-22 18:39. 2008-01-22 18:39 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ Grisoft
2008-01-22 18:39. 2007/05/30 12:10 10872 - a ------ C: \ WINDOWS \ system32 \ drivers \ AvgAsCln.sys
2008-01-22 18:18. 2008-01-22 18:18 <DIR> d -------- C: \ Documents and Settings \ LocalService \ Dati applicazioni \ AVG7
2008-01-22 18:15. 2008-02-05 21:48 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ AVG7
2008-01-22 18:15. 2008/01/22 18:15 110592 - a ------ C: \ WINDOWS \ system32 \ avgfwafu.dll
2008-01-22 17:56. 2008-02-03 08:41 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ AVG7
2008-01-21 21:10. 2008-01-22 18:14 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Grisoft
2008-01-20 16:33. 2008-01-20 16:33 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ ErrorSmart
2008-01-19 10:09. 2008-01-19 10:09 <DIR> d -------- C: \ Documents and Settings \ All Users \ Dati applicazioni \ Kaspersky Lab Setup Files
2008-01-12 11:46. 2008-01-12 11:46 <DIR> d -------- C: \ Programmi \ File comuni \ xing condivisa
2008-01-12 10:17. 2008-02-02 00:54 <DIR> d -------- C: \ Programmi \ File comuni \ Wise Installation Wizard
2008-01-10 19:54. 2008-01-12 10:18 <DIR> d -------- C: \ Program Files \ Lavasoft
2008-01-10 19:38. 2008-01-10 19:38 <DIR> d -------- C: \ Program Files \ AVI Codec Pack
2008-01-10 18:51. 2005/04/05 14:18 135168 - a ------ C: \ WINDOWS \ system32 \ igfxres.dll
2008-01-09 19:20. 2008-01-09 19:20 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ Yahoo!
2008-01-09 18:03. 2008-01-09 18:03 <DIR> d - h ----- C: \ WINDOWS \ PIF
2008-01-09 17:52. 2008-01-10 17:51 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ dvdcss
2008-01-08 18:20. 2007/03/05 05:00 421888 - a ------ C: \ WINDOWS \ system32 \ lxcedrs.dll
2008-01-08 18:20. 2007/01/30 10:22 413696 - a ------ C: \ WINDOWS \ system32 \ lxceinpa.dll
2008-01-08 18:20. 2007/01/30 10:35 397312 - a ------ C: \ WINDOWS \ system32 \ lxceiesc.dll
2008-01-08 18:20. 2007/02/22 18:32 344064 - a ------ C: \ WINDOWS \ system32 \ lxcecoin.dll
2008-01-08 18:20. 2006/10/03 23:21 330030 - a ------ C: \ WINDOWS \ system32 \ lxcehelp.chm
2008-01-08 18:20. 2007/01/30 10:18 323584 - a ------ C: \ WINDOWS \ system32 \ lxcehcp.dll
2008-01-08 18:20. 2007/01/30 10:35 274432 - a ------ C: \ WINDOWS \ system32 \ lxceinst.dll
2008-01-08 18:20. 2005/02/24 17:23 61440 - a ------ C: \ WINDOWS \ system32 \ lxcecnv4.dll
2008-01-07 20:59. 2008/01/07 20:59 54.156 - ah ----- C: \ WINDOWS \ QTFont.qfn
2008-01-06 20:31. 2008-01-06 20:31 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ InstallShield
2008-01-06 20:18. 2008-01-06 20:35 <DIR> d -------- C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ VersionTracker Pro
2008-01-05 16:23. 2008-01-05 16:23 <DIR> d -------- C: \ Program Files \ Windows Media Connect 2
2008-01-05 16:23. 2006-10-04 14:06 1.197.294 --------- C: \ WINDOWS \ system32 \ dllcache \ Sysmain.sdb
2008-01-05 16:23. 2006-10-04 14:06 764.868 --------- C: \ WINDOWS \ system32 \ dllcache \ apph_sp.sdb
2008-01-05 16:23. 2006-10-04 14:06 217.118 --------- C: \ WINDOWS \ system32 \ dllcache \ Apphelp.sdb
2008-01-05 16:19. 2008-01-05 16:21 <DIR> d -------- C: \ WINDOWS \ system32 \ drivers \ UMDF
2008-01-05 15:19. 2008-01-05 15:19 <DIR> d -------- C: \ SWSETUP
2008-01-05 15:09. 2008/01/05 15:08 23,600 - a ------ C: \ WINDOWS \ system32 \ drivers \ TVICHW32.SYS
.
(((((((((((((((((((((((((((((((((((((((( Find3M Relazione )))))))) ))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 23:25 --------- d ----- w C: \ Program Files \ Google
2008-01-31 10:50 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ Vso
2008-01-24 17:31 --------- d ----- w C: \ Program Files \ Lx_cats
2008-01-18 19:58 --------- d ----- w C: \ Program Files \ DivX
2008-01-18 19:57 --------- d ----- w C: \ Program Files \ Java
2008-01-18 19:56 --------- d ----- w C: \ Program Files \ Real
2008-01-12 11:45 --------- d ----- w C: \ Program Files \ Common Files \ Real
2008-01-12 10:26 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ Lavasoft
2008-01-12 10:18 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ Lavasoft
2008-01-09 19:24 --------- d ----- w C: \ Program Files \ Yahoo!
2008-01-08 18:20 --------- d ----- w C: \ Program Files \ Lexmark 4300 Series
2008-01-07 21:55 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ AdobeUM
2008-01-04 20:45 --------- d - h - w C: \ Program Files \ InstallShield Installation Information
2008-01-04 19:57 --------- d ----- w C: \ Program Files \ Analog Devices
2008-01-04 19:06 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ PC Drivers HeadQuarters
2008-01-04 18:08 --------- d ----- w C: \ Program Files \ Gabest
2008-01-04 18:08 --------- d ----- w C: \ Program Files \ CyberLink
2008-01-02 23:18 --------- d ----- w C: \ Program Files \ Ahead
2008-01-02 23:14 --------- d ----- w C: \ Programmi \ File comuni \ Ahead
2007-12-29 14:16 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ DivX
2007-12-22 11:48 --------- d ----- w C: \ Documents and Settings \ All Users \ Dati applicazioni \ vsosdk
2007/12/21 16:06 47.360 ---- aw C: \ WINDOWS \ system32 \ drivers \ pcouffin.sys
2007/12/21 16:06 47.360 ---- aw C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ pcouffin.sys
2007-12-21 16:06 --------- d ----- w C: \ Program Files \ VSO
2007-12-11 20:36 --------- d ----- w C: \ Program Files \ Virtual Dub
2007-12-10 20:22 --------- d ----- w C: \ Program Files \ plugins
2007-12-10 20:22 --------- d ----- w C: \ Program Files \ aviproxy
2007-12-10 19:47 --------- d ----- w C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ Pegasys Inc
2007/12/10 19:39 33.408 ---- aw C: \ WINDOWS \ system32 \ drivers \ CDRBSDRV.SYS
2007-12-06 01:47 --------- d ----- w C: \ Program Files \ MSN Messenger
2007/05/20 11:28 31.528 ---- aw C: \ Documents and Settings \ Ryan Glenn \ Dati applicazioni \ GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))) ))))))))))))))))))))))))))))))))))))))))
.
.
* Nota * vuoto voci & legit default voci non vengono visualizzate
REGEDIT4
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntVersion \ Run]
"Ctfmon.exe" = "C: \ Program Files \ Dell Support \ DSAgnt.exe" [2004-07-19 07:51 306688]
"msnmsgr" = "C: \ Program Files \ MSN Messenger \ msnmsgr.exe" [2007-01-19 12:54 5674352]
"updateMgr" = "C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ AdobeUpdateManager.exe" [2006-03-30 16:45 313472]
"SUPERAntiSpyware" = "C: \ Program Files \ SUPERAntiSpyware \ SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
"ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 05:00 15360]
"CTFMON.EXE 2" = "C: \ Program Files \ Uniblue \ RegistryBooster 2 \ RegistryBooster.exe" []
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entVersion \ Run]
"Persistence" = "C: \ WINDOWS \ system32 \ E igfxpers.ex" [2005-04-05 19:23 114688]
"ISUSScheduler" = "C: \ Program Files \ Common Files \ InstallShield \ UpdateService \ issch.exe" [2004-07-27 16:50 81920]
"SunJavaUpdateSched" = "C: \ WINDOWS \ system32 \ igfxtray.exe" [2005-04-05 14:22 94208]
"NvCplDaemon" = "C: \ WINDOWS \ system32 \ hkcmd.exe" [2005-04-05 19:19 77824]
"LXCECATS" = "C: \ WINDOWS \ System32 \ spool \ DRIVERS \ W32X 86 \ 3 \ LXCEtime.dll" [2007-02-22 05:17 73728]
"lxcemon.exe" = "C: \ Program Files \ Lexmark 4300 Series \ lxcemon.exe" [2005-08-02 17:45 192512]
"EzPrint" = "C: \ Program Files \ Lexmark 4300 Series \ ezprint.exe" [2005-07-26 12:17 94208]
"FaxCenterServer" = "C: \ Program Files \ Lexmark Fax Solutions \ fm3032.exe" [2005-07-12 09:36 299008]
"SpeedTouch USB Diagnostics" = "C: \ Program Files \ Thomson \ SpeedTouch USB \ Dragdiag.exe" [2004-01-26 11:38 866816]
"Avast!" = "C: \ Program Files \ PowerISO \ avast!" [2007-01-20 07:09 200704]
"NeroFilterCheck" = "C: \ WINDOWS \ system32 \ NeroCheck.e xe" [2001-07-09 11:50 155648]
"SunJavaUpdateSched" = "C: \ Program Files \ Java \ jre1.6.0_03 \ bin \ jusched.exe" [2007-09-25 00:11 132496]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgcc.exe" [2008-01-22 18:14 579072]
"! AVG Anti-Spyware" = "C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ avgas.exe" [2007-06-11 09:25 6731312]
[HKEY_USERS \. DEFAULT \ Software \ Microsoft \ Windows \ Cur rentVersion \ Run]
"Ctfmon.exe" = "C: \ WINDOWS \ system32 \ ctfmon.exe" [2004-08-04 05:00 15360]
"AVG7_Run" = "C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgw.exe" [2008-01-22 18:14 219136]
C: \ Documents and Settings \ All Users \ Menu Avvio \ Programmi \ Startup \
Adobe Reader Speed Launch.lnk - C: \ Program Files \ Adobe \ Acrobat 7.0 \ Reader \ reader_sl.exe [2005-09-23 22:05:26 29696]
Microsoft Office.lnk - C: \ Program Files \ Microsoft Office \ Office10 \ OSA.EXE [2001-02-13 01:01:04 83360]
[HKEY_CURRENT_USER \ SOFTWARE \ Microsoft \ Windows \ Curre ntversion \ Policies \ System]
"DisableRegistryTools" = 0 (0x0)
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows \ Curr entversion \ Explorer \ ShellExecuteHooks]
"(5AE067D3-9AFB-48E0-853A-EBB7F4A000DA)" = C: \ Program Files \ SUPERAntiSpyware \ SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Microsoft \ Windows NT \ CurrentVersion \ Winlogon \ Notify \! SASWinLogon]
C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll 2007-04-19 13:41 294912 C: \ Program Files \ SUPERAntiSpyware \ SASWINLO.dll
[HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ contro l \ securityproviders]
SecurityProviders msapsspc.dll, Schannel.dll, digest.dll, msnsspc.dll,
S1 SABKUTIL; SABKUTIL; C: \ Program Files \ SuperAdBlocker.com \ Super Ad Blocker \ SABKUTIL.sys []
.
Indice dell ' "Operazioni pianificate' cartella
"2008-02-05 21:51:05 C: \ WINDOWS \ Tasks \ Verifica aggiornamenti per Windows Live Toolbar.job"
- C: \ Program Files \ Windows Live Toolbar \ MSNTBUP.EXE
"2008-02-05 03:30:00 C: \ WINDOWS \ Tasks \ ErrorSmart pianificate Scan.job"
- C: \ Program Files \ ErrorSmart \ ErrorSmart.ex
- C: \ Program Files \ ErrorSmart
.
************************************************** ************************
catchme 0.3.1344 W2K/XP/Vista - rootkit / stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 22:35:43
5/1/2600 Windows Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
scansione di file nascosti ...
scansione completata con successo
i file nascosti: 0
************************************************** ************************
.
------------------------ Altri processi in esecuzione ----------------------- --
.
C: \ Program Files \ Lavasoft \ Ad-Aware 2007 \ aawservice.exe
C: \ Program Files \ Grisoft \ AVG Anti-Spyware 7,5 \ guard.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgamsvr.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgupsvc.exe
C: \ WINDOWS \ system32 \ lxcecoms.exe
C: \ WINDOWS \ system32 \ UAService7.exe
C: \ PROGRA ~ 1 \ Grisoft \ AVG7 \ avgfwsrv.exe
C: \ WINDOWS \ system32 \ wscntfy.exe
C: \ DOCUME ~ 1 \ RYANGL ~ 1 \ LOCALS ~ 1 \ Temp \ SSUPDATE.EXE
.
************************************************** ************************
.
Ora fine: 2008-02-05 22:38:02 - macchina è stato riavviato [Ryan Glenn]
ComboFix-quarantined-files.txt 2008-02-05 22:37:46
.
2008-01-06 03:02:26 --- EOF ---
  #10  
Old 5. Feb 2008, 15:55
Moderatore del Gruppo
  
Default Smitfraud Virus

Esegui CCleaner.

Invia un nuovo log di HijackThis.

Ha fatto l'aiuto Combofix?
__________________
Reply
Pagina 1 di 2 1 2

Register

Segnalibri

Threads simili
Filo Thread Starter Forum Risposte Ultimo Post
I miei amici MAC è un virus ... umm ... yeah ... un virus ... cheesepuff Virus, Spyware e sicurezza 3 29 Ott 2008 12:58
Smitfraud-C Egli non vuole morire! PlatSpin Virus, Spyware e sicurezza 13 19 Ago 2008 10:24
Smitfraud-c.msvps guccijana Virus, Spyware e sicurezza 158 30 gen 2008 20:07
Smitfraudfix.exe - Smitfraud-C.Toolbar888 Hybr! D Virus, Spyware e sicurezza 1 29 Ott 2007 11:02
Zlob, Smitfraud, pop up, rosso sfondo modifiche guccijana Virus, Spyware e sicurezza 20 30. Set 2007 20:26
Thread Tools



Arabic Bulgarian Chinese (Simplified) Chinese (Traditional) Croatian Czech Danish Dutch English Finnish French German Greek Hebrew Hungarian Italian Japanese Korean Latvian Lithuanian Norwegian Polish Portuguese Romanian Russian Serbian Slovak Spanish Swedish Thai Turkish Ukrainian

Copyright © 2006 - 2009 Computer Juice.
Contatto -- Privacy -- Mappa del sito -- Superiore

Powered by vBulletin ® Copyright © 2000 - 2009 Jelsoft Enterprises Ltd. Traduzione italiana SEO by vBSEO © 2009, alla scansione, Inc.