Punto informatico Network

VIRUS THAT SENDS LINKS ON FACEBOOK!!!!!!!!!!!!!!!!!!


Post by LegioneFelix17 » Mon Jan 24, 2011 2:32 pm

HEEEEELP I am automatically sending links to everyone who is online on Facebook.....what should I do?????

Post by LegioneFelix17 » Mon Jan 24, 2011 2:34 pm

Why is the Facebook window in English???

Post by LegioneFelix17 » Mon Jan 24, 2011 2:37 pm

HELP!!!!!!

Post by Berga95 » Mon Jan 24, 2011 2:54 pm

Let's start with a good scan with HijackThis: download it from here
Have it run a scan, then save the log and attach it here with the MEMO tag
Code:
[MEMO]LOG HERE[/MEMO]

Post by LegioneFelix17 » Mon Jan 24, 2011 3:03 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:04:09, on 20.09.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\emule048extreme\emule0.49b-Xtreme7.1\emule.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Avira AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

--
End of file - 8374 bytes

Post by LegioneFelix17 » Mon Jan 24, 2011 3:04 pm

The virus keeps sending the links via email (on Facebook)!!!!

Post by Sabbb » Mon Jan 24, 2011 3:08 pm

But what did you download? Almost everything in that log needs fixing.

Post by LegioneFelix17 » Mon Jan 24, 2011 3:11 pm

I received an email on Facebook with a link, I clicked on it and the trouble happened......what should I do?

Post by Ale2695 » Mon Jan 24, 2011 3:13 pm

Listen, your PC is in pretty bad shape, so I'd say we give it a good pass with Combofix. Download it, save it to the desktop with the name pippo.exe, run it, don't install the recovery console, let it scan and then post the log here on the forum

Post by LegioneFelix17 » Mon Jan 24, 2011 3:37 pm

ComboFix 11-01-23.07 - AUGUSTO 24.01.2011 15:26:04.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.39.1040.18.1015.444 [GMT 1:00]
Eseguito da: c:\users\AUGUSTO\Desktop\pippo.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\AUGUSTO\AppData\Local\10112010146115108108.xxe
c:\users\AUGUSTO\AppData\Local\frcdoars.exe
c:\windows\bt7.dat

.
((((((((((((((((((((((((( Files Creati Da 2010-12-24 al 2011-01-24 )))))))))))))))))))))))))))))))))))
.

2011-01-24 14:34 . 2011-01-24 14:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-24 14:34 . 2011-01-24 14:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-24 11:32 . 2011-01-24 11:27 318976 ----a-w- c:\windows\system32\CF25350.exe
2011-01-24 11:11 . 2011-01-24 14:31 -------- d-----w- c:\users\AUGUSTO\AppData\Local\pixeasy Air
2011-01-24 11:10 . 2011-01-24 11:10 -------- d-----w- c:\users\AUGUSTO\AppData\Roaming\FissaSearch
2011-01-24 11:09 . 2011-01-24 11:09 -------- d-----w- c:\program files\PixEasy
2011-01-21 10:51 . 2011-01-13 09:41 5890896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{583AAA6C-4692-4010-85C5-8520DE492F0A}\mpengine.dll
2011-01-11 19:19 . 2010-12-28 15:55 413696 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 19:19 . 2010-12-28 15:53 253952 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 19:19 . 2010-12-28 15:53 241664 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 19:19 . 2010-12-28 15:53 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 19:19 . 2010-12-28 15:53 57344 ----a-w- c:\program files\Common Files\System\msadc\msadcs.dll
2011-01-11 19:19 . 2010-12-28 15:53 180224 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 19:18 . 2010-12-14 14:49 1169408 ----a-w- c:\windows\system32\sdclt.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 18:56 . 2010-12-14 20:42 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-04 18:55 . 2010-12-14 20:42 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-11-04 18:55 . 2010-12-14 20:42 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-04 18:55 . 2010-12-14 20:42 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-04 16:34 . 2010-12-14 20:42 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 06:01 . 2010-12-14 20:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-02 05:57 . 2010-12-14 20:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-02 05:57 . 2010-12-14 20:41 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-02 05:57 . 2010-12-14 20:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-11-02 05:57 . 2010-12-14 20:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-11-02 05:01 . 2010-12-14 20:41 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 04:26 . 2010-12-14 20:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-11-02 04:24 . 2010-12-14 20:41 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-10-28 15:44 . 2010-12-14 20:41 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-28 13:27 . 2010-12-14 20:41 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-10-28 13:20 . 2010-12-14 20:41 2048 ----a-w- c:\windows\system32\tzres.dll
2007-01-25 02:52 . 2007-01-25 02:52 65536 ----a-w- c:\program files\Common Files\NMSAccessU.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b9b311cd-e430-43c9-b579-07eb818ce7be}]
2010-08-19 12:51 135840 ----a-w- c:\program files\PixEasy\spointer\extensions\pixeasy_air_ie.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-11 133656]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-11 166424]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe" [2008-08-13 240112]
"CPMonitor"="c:\program files\Roxio Creator 2009\5.0\CPMonitor.exe" [2008-08-10 80368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoAutoUpdate"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^AUGUSTO^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\AUGUSTO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
%ProgramFiles%\Windows Defender\MSASCui.exe -hide [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-04-04 05:42 36272 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

R2 gupdate;Servizio di Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 135664]
R2 Roxio Upnp Server 11;Roxio Upnp Server 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe [2008-08-13 367088]
R2 RoxLiveShare11;LiveShare P2P Server 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe [2008-08-13 309744]
R2 RoxWatch11;Roxio Hard Drive Watcher 11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe [2008-08-13 170480]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2009-04-22 9728]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2009-04-22 3072]
R3 Roxio UPnP Renderer 11;Roxio UPnP Renderer 11;c:\program files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe [2008-08-13 313840]
R3 RoxMediaDB11;RoxMediaDB11;c:\program files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe [2008-08-13 1124848]
S0 CFRMD;CFRMD;c:\windows\System32\drivers\cfrmd.sys [2010-01-05 129448]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2009-11-03 691696]
S3 Atc002;NDIS Miniport Driver for Atheros L2 Fast Ethernet Controller;c:\windows\system32\DRIVERS\l260x86.sys [2008-10-16 29184]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contenuto della cartella 'Scheduled Tasks'

2011-01-23 c:\windows\Tasks\COMODO System Cleaner Update.job
- c:\program files\COMODO\COMODO System-Cleaner\UpdateApplications.exe [2010-01-07 15:37]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 14:21]

2011-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-22 14:21]
.
.
------- Scansione supplementare -------
.
uStart Page = hxxp://www.google.it/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
uInternet Settings,ProxyOverride = local
IE: E&sporta in Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to Mp3 Converter - c:\users\AUGUSTO\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
.
- - - - CHIAVI ORFANE RIMOSSE - - - -

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Babylon Client - c:\program files\Babylon\Babylon-Pro\Babylon.exe
AddRemove-{7919D8D9-69FB-4E94-B330-04C4AF251867} - c:\programdata\Uninstall\{7919D8D9-69FB-4E94-B330-04C4AF251867}\setup.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-24 15:35
Windows 6.0.6002 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2011-01-24 15:38:50
ComboFix-quarantined-files.txt 2011-01-24 14:38
ComboFix2.txt 2009-09-18 10:00
ComboFix3.txt 2009-09-16 14:15

Pre-Run: 298'363'170'816 byte disponibili
Post-Run: 298'343'440'384 byte disponibili

- - End Of File - - 95B6C01E4720971DC3B06190B06C4231

Post by LegioneFelix17 » Mon Jan 24, 2011 4:06 pm

What should I do???

Post by Berga95 » Mon Jan 24, 2011 4:15 pm

When do the problems date back to? Just to rule out a few things, since it seems to me that not everything has been removed...

Post by LegioneFelix17 » Mon Jan 24, 2011 4:17 pm

Since yesterday...

Post by farbix89 » Mon Jan 24, 2011 4:24 pm

Try running the scans recommended here

topic65911.html

Post all the results (you can certainly skip ComboFix since you have already done it)

Re: VIRUS THAT SENDS LINKS ON FACEBOOK!!!!!!!!!!!!!!!!!!

Post by LegioneFelix17 » Mon Jan 24, 2011 7:35 pm

I ran the disinfection in safe mode; only AntiVir did not detect any threat!!! Here are the results:

AntiVir:

Avira AntiVir Personal
Report file date: lunedì, 24. gennaio 2011 18:37

Scanning for 2421766 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows Vista
Windows version : (Service Pack 2) [6.0.6002]
Boot mode : Safe mode with network
Username : AUGUSTO
Computer name : PC-AUGUSTO

Version information:
BUILD.DAT : 10.0.0.609 31824 Bytes 13/12/2010 09:43:00
AVSCAN.EXE : 10.0.3.5 435368 Bytes 13/12/2010 07:39:56
AVSCAN.DLL : 10.0.3.0 46440 Bytes 01/04/2010 11:57:04
LUKE.DLL : 10.0.3.2 104296 Bytes 13/12/2010 07:40:06
LUKERES.DLL : 10.0.0.1 12648 Bytes 10/02/2010 22:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06/11/2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14/12/2010 17:28:15
VBASE002.VDF : 7.11.0.1 2048 Bytes 14/12/2010 17:28:15
VBASE003.VDF : 7.11.0.2 2048 Bytes 14/12/2010 17:28:15
VBASE004.VDF : 7.11.0.3 2048 Bytes 14/12/2010 17:28:16
VBASE005.VDF : 7.11.0.4 2048 Bytes 14/12/2010 17:28:16
VBASE006.VDF : 7.11.0.5 2048 Bytes 14/12/2010 17:28:16
VBASE007.VDF : 7.11.0.6 2048 Bytes 14/12/2010 17:28:16
VBASE008.VDF : 7.11.0.7 2048 Bytes 14/12/2010 17:28:16
VBASE009.VDF : 7.11.0.8 2048 Bytes 14/12/2010 17:28:16
VBASE010.VDF : 7.11.0.9 2048 Bytes 14/12/2010 17:28:16
VBASE011.VDF : 7.11.0.10 2048 Bytes 14/12/2010 17:28:16
VBASE012.VDF : 7.11.0.11 2048 Bytes 14/12/2010 17:28:17
VBASE013.VDF : 7.11.0.52 128000 Bytes 16/12/2010 17:28:17
VBASE014.VDF : 7.11.0.91 226816 Bytes 20/12/2010 17:28:17
VBASE015.VDF : 7.11.0.122 136192 Bytes 21/12/2010 17:28:18
VBASE016.VDF : 7.11.0.156 122880 Bytes 24/12/2010 17:28:18
VBASE017.VDF : 7.11.0.185 146944 Bytes 27/12/2010 17:28:18
VBASE018.VDF : 7.11.0.228 132608 Bytes 30/12/2010 17:28:19
VBASE019.VDF : 7.11.1.5 148480 Bytes 03/01/2011 17:28:19
VBASE020.VDF : 7.11.1.37 156672 Bytes 07/01/2011 17:28:19
VBASE021.VDF : 7.11.1.65 140800 Bytes 10/01/2011 17:28:19
VBASE022.VDF : 7.11.1.87 225280 Bytes 11/01/2011 17:28:20
VBASE023.VDF : 7.11.1.124 125440 Bytes 14/01/2011 17:28:20
VBASE024.VDF : 7.11.1.155 132096 Bytes 17/01/2011 17:28:20
VBASE025.VDF : 7.11.1.189 451072 Bytes 20/01/2011 17:28:21
VBASE026.VDF : 7.11.1.230 138752 Bytes 24/01/2011 17:28:21
VBASE027.VDF : 7.11.1.231 2048 Bytes 24/01/2011 17:28:22
VBASE028.VDF : 7.11.1.232 2048 Bytes 24/01/2011 17:28:22
VBASE029.VDF : 7.11.1.233 2048 Bytes 24/01/2011 17:28:22
VBASE030.VDF : 7.11.1.234 2048 Bytes 24/01/2011 17:28:22
VBASE031.VDF : 7.11.1.237 33280 Bytes 24/01/2011 17:28:22
Engineversion : 8.2.4.150
AEVDF.DLL : 8.1.2.1 106868 Bytes 13/12/2010 07:39:51
AESCRIPT.DLL : 8.1.3.52 1282426 Bytes 24/01/2011 17:28:27
AESCN.DLL : 8.1.7.2 127349 Bytes 13/12/2010 07:39:50
AESBX.DLL : 8.1.3.2 254324 Bytes 13/12/2010 07:39:50
AERDL.DLL : 8.1.9.2 635252 Bytes 13/12/2010 07:39:50
AEPACK.DLL : 8.2.4.8 512374 Bytes 24/01/2011 17:28:27
AEOFFICE.DLL : 8.1.1.15 205178 Bytes 24/01/2011 17:28:26
AEHEUR.DLL : 8.1.2.68 3178870 Bytes 24/01/2011 17:28:26
AEHELP.DLL : 8.1.16.0 246136 Bytes 13/12/2010 07:39:42
AEGEN.DLL : 8.1.5.2 397683 Bytes 24/01/2011 17:28:23
AEEMU.DLL : 8.1.3.0 393589 Bytes 13/12/2010 07:39:42
AECORE.DLL : 8.1.19.2 196983 Bytes 24/01/2011 17:28:23
AEBB.DLL : 8.1.1.0 53618 Bytes 13/12/2010 07:39:41
AVWINLL.DLL : 10.0.0.0 19304 Bytes 13/12/2010 07:39:56
AVPREF.DLL : 10.0.0.0 44904 Bytes 13/12/2010 07:39:54
AVREP.DLL : 10.0.0.8 62209 Bytes 17/06/2010 13:27:13
AVREG.DLL : 10.0.3.2 53096 Bytes 13/12/2010 07:39:54
AVSCPLR.DLL : 10.0.3.2 84328 Bytes 13/12/2010 07:39:56
AVARKT.DLL : 10.0.22.6 231784 Bytes 13/12/2010 07:39:52
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 13/12/2010 07:39:53
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17/06/2010 13:27:22
AVSMTP.DLL : 10.0.0.17 63848 Bytes 13/12/2010 07:39:56
NETNT.DLL : 10.0.0.0 11624 Bytes 17/06/2010 13:27:21
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 28/01/2010 12:10:20
RCTEXT.DLL : 10.0.58.0 97128 Bytes 13/12/2010 07:40:20

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: on
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium
Deviating risk categories...........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR,

Start of the scan: lunedì, 24. gennaio 2011 18:37

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '65' Module(s) have been scanned
Scan process 'iexplore.exe' - '96' Module(s) have been scanned
Scan process 'iexplore.exe' - '71' Module(s) have been scanned
Scan process 'avcenter.exe' - '97' Module(s) have been scanned
Scan process 'wmpnscfg.exe' - '28' Module(s) have been scanned
Scan process 'Explorer.EXE' - '128' Module(s) have been scanned
Scan process 'svchost.exe' - '42' Module(s) have been scanned
Scan process 'svchost.exe' - '52' Module(s) have been scanned
Scan process 'svchost.exe' - '45' Module(s) have been scanned
Scan process 'svchost.exe' - '62' Module(s) have been scanned
Scan process 'svchost.exe' - '83' Module(s) have been scanned
Scan process 'svchost.exe' - '67' Module(s) have been scanned
Scan process 'svchost.exe' - '41' Module(s) have been scanned
Scan process 'svchost.exe' - '33' Module(s) have been scanned
Scan process 'svchost.exe' - '39' Module(s) have been scanned
Scan process 'lsm.exe' - '31' Module(s) have been scanned
Scan process 'lsass.exe' - '60' Module(s) have been scanned
Scan process 'services.exe' - '32' Module(s) have been scanned
Scan process 'winlogon.exe' - '32' Module(s) have been scanned
Scan process 'wininit.exe' - '25' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'csrss.exe' - '14' Module(s) have been scanned
Scan process 'smss.exe' - '2' Module(s) have been scanned

Initiating scan of system files:
Signed -> 'C:\Windows\system32\svchost.exe'
Signed -> 'C:\Windows\system32\winlogon.exe'
Signed -> 'C:\Windows\explorer.exe'
Signed -> 'C:\Windows\system32\smss.exe'
Signed -> 'C:\Windows\system32\wininet.DLL'
Signed -> 'C:\Windows\system32\wsock32.DLL'
Signed -> 'C:\Windows\system32\ws2_32.DLL'
Signed -> 'C:\Windows\system32\services.exe'
Signed -> 'C:\Windows\system32\lsass.exe'
Signed -> 'C:\Windows\system32\csrss.exe'
Signed -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signed -> 'C:\Windows\system32\spoolsv.exe'
Signed -> 'C:\Windows\system32\alg.exe'
Signed -> 'C:\Windows\system32\wuauclt.exe'
Signed -> 'C:\Windows\system32\advapi32.DLL'
Signed -> 'C:\Windows\system32\user32.DLL'
Signed -> 'C:\Windows\system32\gdi32.DLL'
Signed -> 'C:\Windows\system32\kernel32.DLL'
Signed -> 'C:\Windows\system32\ntdll.DLL'
Signed -> 'C:\Windows\system32\ntoskrnl.exe'
Signed -> 'C:\Windows\system32\ctfmon.exe'
The system files were scanned ('21' files)

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan executable files (registry).
The registry was scanned ( '1128' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Program Files\OpenOffice.org 3\Basis\program\python-core-2.6.1\lib\test\testtar.tar
[0] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!
[WARNING] Internal error!
C:\Users\AUGUSTO\Desktop\OpenOffice.org 3.2 (it) Installation Files\openofficeorg1.cab
[0] Archive type: CAB (Microsoft)
--> testtar.tar
[1] Archive type: TAR (tape archiver)
--> gnu/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/123/longname
[WARNING] Internal error!


End of the scan: lunedì, 24. gennaio 2011 19:17
Used time: 39:42 Minute(s)

The scan has been done completely.

21986 Scanned directories
336983 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
336983 Files not concerned
2461 Archives were scanned
3 Warnings
0 Notes


Malwarebytes' Anti-Malware

Malwarebytes' Anti-Malware 1.50.1.1100
http://www.malwarebytes.org

Versione database: 5590

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18999

24.01.2011 18:23:22
mbam-log-2011-01-24 (18-23-22).txt

Tipo di scansione: Scansione completa (C:\|)
Elementi esaminati: 255249
Tempo trascorso: 34 minuti, 35 secondi

Processi infetti in memoria: 0
Moduli di memoria infetti: 0
Chiavi di registro infette: 0
Valori di registro infetti: 0
Voci infette nei dati di registro: 0
Cartelle infette: 0
File infetti: 1

Processi infetti in memoria:
(Non sono stati rilevati elementi nocivi)

Moduli di memoria infetti:
(Non sono stati rilevati elementi nocivi)

Chiavi di registro infette:
(Non sono stati rilevati elementi nocivi)

Valori di registro infetti:
(Non sono stati rilevati elementi nocivi)

Voci infette nei dati di registro:
(Non sono stati rilevati elementi nocivi)

Cartelle infette:
(Non sono stati rilevati elementi nocivi)

File infetti:
c:\Windows\5456456z (Koobface.Trace) -> Quarantined and deleted successfully.
It found only one threat!!!

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:32:05, on 24.01.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18999)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
C:\Users\AUGUSTO\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... pf=desktop
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Interest recogniser for Pixeasy (powered by Spointer) - {b9b311cd-e430-43c9-b579-07eb818ce7be} - C:\Program Files\PixEasy\spointer\extensions\pixeasy_air_ie.dll
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatchTray11.exe"
O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files\Roxio Creator 2009\5.0\CPMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\AUGUSTO\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Servizio di Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\Common Files\NMSAccessU.exe
O23 - Service: Roxio UPnP Renderer 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe
O23 - Service: Roxio Upnp Server 11 - Sonic Solutions - C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUpnpService11.exe
O23 - Service: LiveShare P2P Server 11 (RoxLiveShare11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxLiveShare11.exe
O23 - Service: RoxMediaDB11 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxMediaDB11.exe
O23 - Service: Roxio Hard Drive Watcher 11 (RoxWatch11) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\11.0\SharedCOM\RoxWatch11.exe

--
End of file - 5106 bytes


Is the computer still infected???

Re: VIRUS THAT SENDS LINKS ON FACEBOOK!!!!!!!!!!!!!!!!!!

Post by Ale2695 » Mon Jan 24, 2011 8:54 pm

Is the problem still occurring?

Re: VIRUS THAT SENDS LINKS ON FACEBOOK!!!!!!!!!!!!!!!!!!

Post by LegioneFelix17 » Mon Jan 24, 2011 9:48 pm

It seems the virus is no longer sending emails through Facebook....how can I tell whether my PC is still infected??


THANKS!!

Re: VIRUS THAT SENDS LINKS ON FACEBOOK!!!!!!!!!!!!!!!!!!

Post by Ale2695 » Mon Jan 24, 2011 9:54 pm

LegioneFelix17 wrote: It seems the virus is no longer sending emails through Facebook....how can I tell whether my PC is still infected??


THANKS!!

The scans came back negative, the HijackThis log is clean...
You look fine to me... but is Facebook still in English?

Re: VIRUS THAT SENDS LINKS ON FACEBOOK!!!!!!!!!!!!!!!!!!

Post by LegioneFelix17 » Mon Jan 24, 2011 10:01 pm

I restored it myself!!! But how is it possible for a virus to cause all this?

Re: VIRUS THAT SENDS LINKS ON FACEBOOK!!!!!!!!!!!!!!!!!!

Post by farbix89 » Mon Jan 24, 2011 10:17 pm

LegioneFelix17 wrote: But how is it possible for a virus to cause all this?


You were infected with Koobface, which plays these nasty tricks (sending advertising links to all your contacts, unwanted alert windows, and changes to Facebook settings).


Be careful with links on Facebook; they are becoming the most widely used trap for infecting PCs.

megalab.it: daily online publication registered with the Court of Cosenza, no. 22/09 of 13.08.2009, publisher Master New Media S.r.l.; © Copyright 2008 Master New Media S.r.l. a socio unico - VAT no. 02947530784. GRUPPO EDIZIONI MASTER Spa. All rights reserved. For advertising: Master Advertising