CoolWWWSearch.am DAUGERUN and bocca rossa
mauro137
Posted: 26 Jul 2007 16:43    Subject: CoolWWWSearch.am DAUGERUN and bocca rossa

Hi everyone,
I'm asking for your help because I can't take it any more!!!!!!!!!!
Spybot finds a trojan named DAUGERUN and a piece of malware named CoolWWWSearch.am.
As if that weren't enough, I also get the connection attempt through the 56k modem from the famous BOCCA ROSSA, which appears at every reboot.
I try to fix things with Spybot, and it fixes all of them except 1; it asks me to reboot and to enable the scan at startup, but when I run Spybot again it reappears.
Please help me.

Below I'm posting the HiJackThis log that you always ask everyone for:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 15.56.23, on 26/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
F:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\oodag.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Winamp\winampa.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
F:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Wacom\TabUserW.exe
C:\Programmi\CountDown\CountDown.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\www\Desktop\gmer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Outlook Express\msimn.exe
C:\Documents and Settings\www\Desktop\Utilità di sitema\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 66.159.20.80 www1.ndhosting.com
O1 - Hosts: 66.159.20.80 www3.ndhosting.com
O1 - Hosts: 66.159.20.80 www2.ndhosting.com
O1 - Hosts: 66.159.20.80 www.ndhosting.com
O1 - Hosts: 66.159.20.80 www.kinghost.com
O1 - Hosts: 66.159.20.80 kinghost.com
O1 - Hosts: 66.159.20.80 www1.kinghost.com
O1 - Hosts: 66.159.20.80 www2.kinghost.com
O1 - Hosts: 66.159.20.80 www3.kinghost.com
O1 - Hosts: 66.159.20.80 www4.kinghost.com
O1 - Hosts: 66.159.20.80 www5.kinghost.com
O1 - Hosts: 66.159.20.80 www6.kinghost.com
O1 - Hosts: 66.159.20.80 www7.kinghost.com
O1 - Hosts: 66.159.20.80 www8.kinghost.com
O1 - Hosts: 66.159.20.80 www9.kinghost.com
O1 - Hosts: 66.159.20.80 www10.kinghost.com
O1 - Hosts: 66.159.20.80 smutserver.com
O1 - Hosts: 66.159.20.80 www12.smutserver
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Norton Ghost 9.0] F:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Startup: StartupCleaner.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.lnk = C:\Programmi\Wacom\TabUserW.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Apri client su monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Apri client su monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {E8F0CD02-45B4-4824-901C-98D422FD96DD} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: www.yeak.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{30696ADD-7511-4CBC-A490-8A8934B374BF}: NameServer = 192.168.0.1
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\Programmi\Upsmon\Upsag_nt.exe

--
End of file - 11071 bytes
Sante62
Posted: 26 Jul 2007 20:00    Subject:

Hi.
Boot the PC in safe mode:
http://forum.zeusnews.com/viewtopic.php?t=22084


run HijackThis
click Scan
tick these entries:

O1 - Hosts: 66.159.20.80 www1.ndhosting.com
O1 - Hosts: 66.159.20.80 www3.ndhosting.com
O1 - Hosts: 66.159.20.80 www2.ndhosting.com
O1 - Hosts: 66.159.20.80 www.ndhosting.com
O1 - Hosts: 66.159.20.80 www.kinghost.com
O1 - Hosts: 66.159.20.80 kinghost.com
O1 - Hosts: 66.159.20.80 www1.kinghost.com
O1 - Hosts: 66.159.20.80 www2.kinghost.com
O1 - Hosts: 66.159.20.80 www3.kinghost.com
O1 - Hosts: 66.159.20.80 www4.kinghost.com
O1 - Hosts: 66.159.20.80 www5.kinghost.com
O1 - Hosts: 66.159.20.80 www6.kinghost.com
O1 - Hosts: 66.159.20.80 www7.kinghost.com
O1 - Hosts: 66.159.20.80 www8.kinghost.com
O1 - Hosts: 66.159.20.80 www9.kinghost.com
O1 - Hosts: 66.159.20.80 www10.kinghost.com
O1 - Hosts: 66.159.20.80 smutserver.com
O1 - Hosts: 66.159.20.80 www12.smutserver
O4 - Startup: StartupCleaner.exe
this one, if you recognize it, don't remove it for now
O18 - Filter hijack: text/html - (no CLSID) - (no file)

click Fix checked
Reboot the PC, make a new HijackThis log and post it

Then also carry out these steps:
http://forum.zeusnews.com/viewtopic.php?p=194965#194965 step 1 -

http://forum.zeusnews.com/viewtopic.php?p=194966#194966 step 2 -

Download CWShredder from here: http://us.trendmicro.com/us/products/personal/CWShredder/
Just launch it by double-clicking the executable and press the Fix button.
Then paste the result here.
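As an added example (not part of the original posts and not a HijackThis feature): a small Python script that parses HijackThis entry lines, picks out the two kinds of entry ticked in the reply above (O1 hosts redirects and the O18 filter with no CLSID or file), and diffs a log taken before the fix against one taken after it. The function names are made up for the example; the sample lines are excerpts from the two logs posted in this thread.

```python
import ipaddress
import re

# Excerpts from the two HijackThis logs posted in this thread
# (first log, and the log taken after "Fix checked"). Not complete logs.
LOG_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Running processes:
C:\WINDOWS\system32\svchost.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
O1 - Hosts: 66.159.20.80 www.ndhosting.com
O1 - Hosts: 66.159.20.80 kinghost.com
O1 - Hosts: 66.159.20.80 smutserver.com
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: StartupCleaner.exe
O15 - Trusted Zone: www.yeak.net
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""

LOG_AFTER = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
O4 - Startup: StartupCleaner.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)
"""

# An entry line is "<section code> - <body>", e.g. "O1 - Hosts: ...".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(log_text):
    """Return the (section, body) entries of a HijackThis log, in order."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def hosts_redirects(entries):
    """O1 entries that map a hostname to a non-loopback address."""
    found = []
    for section, body in entries:
        if section != "O1" or not body.startswith("Hosts:"):
            continue
        parts = body[len("Hosts:"):].split()
        if len(parts) < 2:
            continue  # address with no hostname: nothing is redirected
        try:
            address = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an IP address, leave it for manual review
        if not address.is_loopback:
            found.append((str(address), parts[1]))
    return found


def orphaned_filters(entries):
    """O18 entries whose handler has no CLSID or no file behind it."""
    return [
        body
        for section, body in entries
        if section == "O18" and ("(no CLSID)" in body or "(no file)" in body)
    ]


def diff_entries(before, after):
    """Return (removed, added) entries between two parsed logs."""
    removed = [entry for entry in before if entry not in after]
    added = [entry for entry in after if entry not in before]
    return removed, added


if __name__ == "__main__":
    before = parse_entries(LOG_BEFORE)
    after = parse_entries(LOG_AFTER)

    for address, host in hosts_redirects(before):
        print(f"hosts redirect: {host} -> {address}")
    for body in orphaned_filters(before):
        print(f"filter without CLSID/file: {body}")

    removed, added = diff_entries(before, after)
    for section, body in removed:
        print(f"gone after fix:  {section} - {body}")
    for section, body in added:
        print(f"new after fix:   {section} - {body}")
    for body in orphaned_filters(after):
        print(f"still present:   O18 - {body}")
```
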
mauro137
Posted: 27 Jul 2007 11:07    Subject: scan results

Hi Sante62,
thank you for your help. I did everything you wrote; it's all a bit long, but it's what you asked for (I hope).
Here are the various results:

HijackThis log after the "fix":


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 9.36.58, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Safe mode with network support

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\www\Desktop\Utilità di sitema\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Norton Ghost 9.0] F:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Startup: StartupCleaner.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.lnk = C:\Programmi\Wacom\TabUserW.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Apri client su monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Apri client su monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {E8F0CD02-45B4-4824-901C-98D422FD96DD} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O17 - HKLM\System\CCS\Services\Tcpip\..\{30696ADD-7511-4CBC-A490-8A8934B374BF}: NameServer = 192.168.0.1
O18 - Filter hijack: text/html - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\Programmi\Upsmon\Upsag_nt.exe

--
End of file - 8351 bytes

findAWF log (on this point I should tell you that I already used findAWF to remove instantaccess a few months ago after reading your fantastic forum; as you can see, the result is "clean"):


Find AWF report by noahdfear ©2006


bak folders found
~~~~~~~~~~~



Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~



end of report


here are the gmer links
------------------------------------1st link-----------------------------------


http://www.freefilehosting.net/download/NTIzNg==


------------------------------------2nd link-----------------------------------

http://www.freefilehosting.net/download/NTI0Ng==



then here is the Trend Micro report

**** Run Keys ****

RUN: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
RUN: [CARPService] carpserv.exe
RUN: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
RUN: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
RUN: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
RUN: [WinampAgent] C:\Programmi\Winamp\winampa.exe
RUN: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
RUN: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
RUN: [HydraVisionViewport] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
RUN: [HydraVisionDesktopManager] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
RUN: [NWEReboot]
RUN: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
RUN: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
RUN: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
RUN: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
RUN: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
RUN: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
RUN: []
RUN: [Norton Ghost 9.0] F:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
RUN: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
RUN: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
RUN: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
RUN: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
RUN: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
RUN: [Advanced Uninstaller PRO Installation Monitor] "C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
RUN: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe


**** Browser Helper Objects ****

BHO: [Adobe PDF Reader Link Helper] C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
BHO: [] C:\PROGRA~1\SPYBOT~1\SDHelper.dll
BHO: [SSVHelper Class] C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
BHO: [Windows Live Sign-in Helper] C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: [Google Toolbar Helper] c:\programmi\google\googletoolbar2.dll
BHO: [Google Toolbar Notifier BHO] C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll


**** IE Toolbars ****

TOOLBAR: [&Google] c:\programmi\google\googletoolbar2.dll


**** IE Extensions ****

IEExt: [Web Browser Applet Control] C:\WINDOWS\system32\msjava.dll
IEExt: [Messenger] C:\Programmi\Messenger\msmsgs.exe


**** Hosts File Entries ****

HOSTS: 127.0.0.1 localhost
HOSTS: 127.0.0.1


**** IE Settings ****

IEBypass: <local>
Default Page: http://gw.aliceadsl.it/home
Default Search: http://www.google.com/ie
Local Page: C:\WINDOWS\system32\blank.htm
Search Bar: http://www.google.com/ie
Search Page: http://www.google.com


**** IE Context Menu (Right click) ****

IEContext: [&eBay Search] res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
IEContext: [Apri client su monitor &1] C:\WINDOWS\web\AOpenClient.htm
IEContext: [Apri client su monitor &2] C:\WINDOWS\web\AOpenClient.htm
IEContext: [E&sporta in Microsoft Excel] res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000


**** Layered Service Providers ****

LSP: MSAFD Tcpip [TCP/IP]
LSP: MSAFD Tcpip [UDP/IP]
LSP: RSVP UDP Service Provider
LSP: RSVP TCP Service Provider
LSP: MSAFD RfComm [Bluetooth]
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2AD80674-A337-498F-A806-170A0A9D9EFE}] SEQPACKET 13
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2AD80674-A337-498F-A806-170A0A9D9EFE}] DATAGRAM 13
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCCDF22E-42AB-4B04-9B73-0ECAA5AF2ED8}] SEQPACKET 12
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCCDF22E-42AB-4B04-9B73-0ECAA5AF2ED8}] DATAGRAM 12
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{247485E0-9A22-4DB2-9A30-6A9A89B1D8F1}] SEQPACKET 11
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{247485E0-9A22-4DB2-9A30-6A9A89B1D8F1}] DATAGRAM 11
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A20FCA38-B838-4A0E-8FD7-53BC9869B889}] SEQPACKET 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{A20FCA38-B838-4A0E-8FD7-53BC9869B889}] DATAGRAM 10
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2B09AF7-C4B8-4A63-83BC-DB9D2E162975}] SEQPACKET 8
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{D2B09AF7-C4B8-4A63-83BC-DB9D2E162975}] DATAGRAM 8
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B578DDC9-1B88-42EB-954B-C4B5BBEF8543}] SEQPACKET 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{B578DDC9-1B88-42EB-954B-C4B5BBEF8543}] DATAGRAM 9
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1C6CC66E-8721-4AB6-AF15-89E7F6DA5E74}] SEQPACKET 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1C6CC66E-8721-4AB6-AF15-89E7F6DA5E74}] DATAGRAM 7
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE958373-71A4-4A03-BEA5-F7CD8682531F}] SEQPACKET 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{EE958373-71A4-4A03-BEA5-F7CD8682531F}] DATAGRAM 6
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCBB359D-75B6-4682-AD40-845F0386ADA7}] SEQPACKET 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{DCBB359D-75B6-4682-AD40-845F0386ADA7}] DATAGRAM 5
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{30696ADD-7511-4CBC-A490-8A8934B374BF}] SEQPACKET 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{30696ADD-7511-4CBC-A490-8A8934B374BF}] DATAGRAM 0
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DF727A1-7659-4C6F-8F92-AAB04D0300E4}] SEQPACKET 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{5DF727A1-7659-4C6F-8F92-AAB04D0300E4}] DATAGRAM 1
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1BCB8D63-AB1D-45B0-A464-93AFA13510D0}] SEQPACKET 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{1BCB8D63-AB1D-45B0-A464-93AFA13510D0}] DATAGRAM 2
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D655931-9B79-43E3-B3FD-FF396343E146}] SEQPACKET 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{2D655931-9B79-43E3-B3FD-FF396343E146}] DATAGRAM 3
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A430D9F-3B84-4141-A65C-902EBB2CB20F}] SEQPACKET 4
LSP: MSAFD NetBIOS [\Device\NetBT_Tcpip_{7A430D9F-3B84-4141-A65C-902EBB2CB20F}] DATAGRAM 4


**** Blocked Control Panel Items ****

BLOCKED: [ncpa.cpl] No
BLOCKED: [odbccp32.cpl] No
BLOCKED: [S7epaepx.cpl] YES
BLOCKED: [S7UBCPLX.cpl] YES
BLOCKED: [s7epatdx.cpl] YES


**** Downloaded Program Files ****

{8AD9C840-044E-11D1-B3E9-00805F499D93} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab]
{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab]
{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab]
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} [http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab]


**** Windows Services ****

[Alerter] %SystemRoot%\System32\svchost.exe -k LocalService
[ALG] %SystemRoot%\System32\alg.exe
[AppMgmt] %SystemRoot%\system32\svchost.exe -k netsvcs
[aspnet_state] %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
[aswUpdSv] "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
[Ati HotKey Poller] %SystemRoot%\system32\Ati2evxx.exe
[ATI Smart] C:\WINDOWS\system32\ati2sgag.exe
[AudioSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[avast! Antivirus] "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
[avast! Mail Scanner] "C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service
[avast! Web Scanner] "C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service
[BITS] %SystemRoot%\System32\svchost.exe -k netsvcs
[Browser] %SystemRoot%\System32\svchost.exe -k netsvcs
[BthServ] %SystemRoot%\system32\svchost.exe -k bthsvcs
[C-DillaSrv] C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
[cisvc] C:\WINDOWS\System32\cisvc.exe
[ClipSrv] %SystemRoot%\system32\clipsrv.exe
[COMSysApp] C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
[CryptSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[DcomLaunch] %SystemRoot%\system32\svchost -k DcomLaunch
[Dhcp] %SystemRoot%\System32\svchost.exe -k netsvcs
[dmadmin] %SystemRoot%\System32\dmadmin.exe /com
[dmserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[Dnscache] %SystemRoot%\System32\svchost.exe -k NetworkService
[ERSvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[Eventlog] %SystemRoot%\system32\services.exe
[EventSystem] C:\WINDOWS\System32\svchost.exe -k netsvcs
[FastUserSwitchingCompatibility] %SystemRoot%\System32\svchost.exe -k netsvcs
[GEARSecurity] %SystemRoot%\System32\GEARSec.exe
[gusvc] "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
[helpsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[HidServ] %SystemRoot%\System32\svchost.exe -k netsvcs
[HTTPFilter] %SystemRoot%\System32\svchost.exe -k HTTPFilter
[ImapiService] C:\WINDOWS\System32\imapi.exe
[lanmanserver] %SystemRoot%\System32\svchost.exe -k netsvcs
[lanmanworkstation] %SystemRoot%\System32\svchost.exe -k netsvcs
[LmHosts] %SystemRoot%\System32\svchost.exe -k LocalService
[MDM] "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
[Messenger] %SystemRoot%\System32\svchost.exe -k netsvcs
[mnmsrvc] C:\WINDOWS\System32\mnmsrvc.exe
[MSDTC] C:\WINDOWS\System32\msdtc.exe
[MSIServer] C:\WINDOWS\system32\msiexec.exe /V
[NBService] C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
[NetDDE] %SystemRoot%\system32\netdde.exe
[NetDDEdsdm] %SystemRoot%\system32\netdde.exe
[Netlogon] %SystemRoot%\System32\lsass.exe
[Netman] %SystemRoot%\System32\svchost.exe -k netsvcs
[Nla] %SystemRoot%\System32\svchost.exe -k netsvcs
[NMIndexingService] "C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe"
[Norton Ghost] F:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
[NtLmSsp] %SystemRoot%\System32\lsass.exe
[NtmsSvc] %SystemRoot%\system32\svchost.exe -k netsvcs
[O&O Defrag] C:\WINDOWS\system32\oodag.exe
[PlugPlay] %SystemRoot%\system32\services.exe
[Pml Driver HPZ12] C:\WINDOWS\system32\HPZipm12.exe
[PolicyAgent] %SystemRoot%\System32\lsass.exe
[ProtectedStorage] %SystemRoot%\system32\lsass.exe
[RasAuto] %SystemRoot%\System32\svchost.exe -k netsvcs
[RasMan] %SystemRoot%\System32\svchost.exe -k netsvcs
[RDSessMgr] C:\WINDOWS\system32\sessmgr.exe
[RemoteAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[RemoteRegistry] %SystemRoot%\system32\svchost.exe -k LocalService
[RichVideo] "C:\Programmi\CyberLink\Shared files\RichVideo.exe"
[RpcLocator] %SystemRoot%\System32\locator.exe
[RpcSs] %SystemRoot%\system32\svchost -k rpcss
[RSVP] %SystemRoot%\System32\rsvp.exe
[SamSs] %SystemRoot%\system32\lsass.exe
[SCardSvr] %SystemRoot%\System32\SCardSvr.exe
[Schedule] %SystemRoot%\System32\svchost.exe -k netsvcs
[seclogon] %SystemRoot%\System32\svchost.exe -k netsvcs
[SENS] %SystemRoot%\system32\svchost.exe -k netsvcs
[ServiceLayer] "C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe"
[SharedAccess] %SystemRoot%\System32\svchost.exe -k netsvcs
[ShellHWDetection] %SystemRoot%\System32\svchost.exe -k netsvcs
[SoundMAX Agent Service (default)] C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
[Spooler] %SystemRoot%\system32\spoolsv.exe
[srservice] %SystemRoot%\System32\svchost.exe -k netsvcs
[SSDPSRV] %SystemRoot%\System32\svchost.exe -k LocalService
[stisvc] %SystemRoot%\System32\svchost.exe -k imgsvc
[SwPrv] C:\WINDOWS\System32\dllhost.exe /Processid:{75D580C4-3272-4A35-AEC1-F087A201CCDF}
[SysmonLog] %SystemRoot%\system32\smlogsvc.exe
[TabletService] C:\WINDOWS\System32\Tablet.exe
[TapiSrv] %SystemRoot%\System32\svchost.exe -k netsvcs
[TermService] %SystemRoot%\System32\svchost -k DComLaunch
[Themes] %SystemRoot%\System32\svchost.exe -k netsvcs
[TlntSvr] C:\WINDOWS\System32\tlntsvr.exe
[TrkWks] %SystemRoot%\system32\svchost.exe -k netsvcs
[upnphost] %SystemRoot%\System32\svchost.exe -k LocalService
[UPS] %SystemRoot%\System32\ups.exe
[Upsagent] C:\Programmi\Upsmon\Upsag_nt.exe
[usnsvc] C:\WINDOWS\system32\svchost.exe -k usnsvc
[VSS] %SystemRoot%\System32\vssvc.exe
[W32Time] %SystemRoot%\System32\svchost.exe -k netsvcs
[WebClient] %SystemRoot%\System32\svchost.exe -k LocalService
[winmgmt] %systemroot%\system32\svchost.exe -k netsvcs
[WMDM PMSP Service] C:\WINDOWS\system32\MsPMSPSv.exe
[WmdmPmSN] %SystemRoot%\System32\svchost.exe -k netsvcs
[Wmi] %SystemRoot%\System32\svchost.exe -k netsvcs
[WmiApSrv] C:\WINDOWS\System32\wbem\wmiapsrv.exe
[WMPNetworkSvc] C:\Programmi\Windows Media Player\WMPNetwk.exe
[wscsvc] %SystemRoot%\System32\svchost.exe -k netsvcs
[wuauserv] %systemroot%\system32\svchost.exe -k netsvcs
[WudfSvc] %SystemRoot%\system32\svchost.exe -k WudfServiceGroup
[WZCSVC] %SystemRoot%\System32\svchost.exe -k netsvcs
[xmlprov] %SystemRoot%\System32\svchost.exe -k netsvcs


**** Custom IE Search Items ****

SEARCH: []
SEARCH: [SearchAssistant] http://www.google.com/ie
SEARCH: [CustomizeSearch] about:blank
SEARCH: [Default_Search_URL] http://www.google.com/ie
SEARCH: [SearchAssistant] http://www.google.com/ie


**** Complete IE Options ****

IEOPT: [NoUpdateCheck]
IEOPT: [NoJITSetup]
IEOPT: [Disable Script Debugger] yes
IEOPT: [Show_ChannelBand] No
IEOPT: [Anchor Underline] yes
IEOPT: [Cache_Update_Frequency] Once_Per_Session
IEOPT: [Display Inline Images] yes
IEOPT: [Do404Search]
IEOPT: [Local Page] C:\WINDOWS\system32\blank.htm
IEOPT: [Save_Session_History_On_Exit] no
IEOPT: [Show_FullURL] no
IEOPT: [Show_StatusBar] yes
IEOPT: [Show_ToolBar] yes
IEOPT: [Show_URLinStatusBar] yes
IEOPT: [Show_URLToolBar] yes
IEOPT: [Start Page] http://www.google.com/webhp?sourceid=navclient&ie=UTF-8
IEOPT: [Use_DlgBox_Colors] yes
IEOPT: [Check_Associations] yes
IEOPT: [FullScreen] no
IEOPT: [Window_Placement] ,
IEOPT: [NotifyDownloadComplete] no
IEOPT: [Use FormSuggest] yes
IEOPT: [Error Dlg Displayed On Every Error] no
IEOPT: [Error Dlg Details Pane Open] no
IEOPT: [Expand Alt Text] no
IEOPT: [Move System Caret] no
IEOPT: [Enable_MyPics_Hoverbar] yes
IEOPT: [Enable AutoImageResize] yes
IEOPT: [Show image placeholders]
IEOPT: [Play_Animations] yes
IEOPT: [Play_Background_Sounds] yes
IEOPT: [Display Inline Videos] yes
IEOPT: [Enable Browser Extensions] yes
IEOPT: [FavIntelliMenus] no
IEOPT: [NoWebJITSetup]
IEOPT: [UseThemes]
IEOPT: [Page_Transitions]
IEOPT: [NscSingleExpand]
IEOPT: [Force Offscreen Composition]
IEOPT: [ShowGoButton] yes
IEOPT: [Friendly http errors] yes
IEOPT: [AllowWindowReuse]
IEOPT: [SmoothScroll]
IEOPT: [AutoSearch]
IEOPT: [Print_Background] no
IEOPT: [FormSuggest Passwords] yes
IEOPT: [FormSuggest PW Ask] no
IEOPT: [AddToFavoritesExpanded]
IEOPT: [Cache_Update_Size] 10031061405609127
IEOPT: [Window Title] Microsoft Internet Explorer fornito da Alice
IEOPT: [Use Custom Search URL]
IEOPT: [HistoryViewType]
IEOPT: [DisableScriptDebuggerIE] yes
IEOPT: [LastCheckedHi] d¼Çs
IEOPT: [ControlTooltipCount]
IEOPT: [FavoritesExportFile] C:\Documents and Settings\All Users\Documenti\bookmark.htm
IEOPT: [FavoritesImportFolder] C:\Documents and Settings\www\Preferiti
IEOPT: [Use Search Asst] no
IEOPT: [Search Page] http://www.google.com
IEOPT: [Search Bar] http://www.google.com/ie
IEOPT: [Default_Page_URL] http://gw.aliceadsl.it/home
IEOPT: [Default_Search_URL] http://www.google.com/ie
IEOPT: [Search Page] http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
IEOPT: [Enable_Disk_Cache] yes
IEOPT: [Cache_Percent_of_Disk]
IEOPT: [Delete_Temp_Files_On_Exit] yes
IEOPT: [Local Page] %SystemRoot%\system32\blank.htm
IEOPT: [Anchor_Visitation_Horizon]
IEOPT: [Use_Async_DNS] yes
IEOPT: [Placeholder_Width]
IEOPT: [Placeholder_Height]
IEOPT: [Start Page] http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
IEOPT: [Wizard_Version] 6.00.2800.1106
IEOPT: [FullScreen] no
IEOPT: [Check_Associations] yes


Thanking you again for your help, I eagerly await your reply.

Mauro137
Sante62
Mature God

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Jul 2007 12:10

All right.

Start HijackThis and tick the box to the left of these entries:
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe
O18 - Filter hijack: text/html - (no CLSID) - (no file)


Download Avenger: http://swandog46.geekstogo.com/avenger.zip

Run it.
Click on "Input script manually".
Click on the magnifying glass.
Enter these lines (shown in red):
Files to delete:
C:\WINDOWS\csrs.exe

Click on Done.
Click on the traffic light.
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the result here:
You will find it in C:\Avenger.txt.
In the meantime, run an online scan with Kaspersky:
http://forum.zeusnews.com/viewtopic.php?t=21705
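The two entries singled out in the reply above fit recognizable patterns: an autostart file named one character off a Windows system binary, and an O18 filter with no CLSID and no file. As an added example (not part of the original thread and not HijackThis's own logic), this Python code flags both patterns in HijackThis lines; the system-binary list, the function names and the one-edit threshold are assumptions, and the sample lines are copied from the thread.

```python
import ntpath
import re

# Assumption: a short, illustrative list of Windows binaries expected in system32.
SYSTEM_BINARIES = {"csrss.exe", "svchost.exe", "lsass.exe", "smss.exe",
                   "winlogon.exe", "services.exe", "spoolsv.exe", "ctfmon.exe"}
SYSTEM_DIR = r"c:\windows\system32"

# O4 registry autostart: "O4 - <hive>\..\<key>: [<value name>] <command>"
O4_RE = re.compile(r"^O4 - (?P<root>.+?)\\\.\.\\(?P<key>[^:]+): "
                   r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# O18 protocol/filter entry: "O18 - <kind>: <what> - <CLSID> - <file>"
O18_RE = re.compile(r"^O18 - (?P<kind>[^:]+): (?P<what>.+?) - "
                    r"(?P<clsid>\(no CLSID\)|\{[0-9A-Fa-f-]+\}) - (?P<file>.+)$")
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|dll))(?=\s|$)", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def executable(cmd):
    """Extract the program path from a command line, quoted or not."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]


def check_autostart(key, cmd):
    reasons = []
    path = executable(cmd).lower()
    name, folder = ntpath.basename(path), ntpath.dirname(path)
    if name in SYSTEM_BINARIES:
        # A real system binary name is only expected in system32.
        if folder and folder != SYSTEM_DIR:
            reasons.append(f"{name} outside system32")
    else:
        near = [s for s in sorted(SYSTEM_BINARIES) if edit_distance(name, s) == 1]
        if near:
            reasons.append(f"{name} is one edit away from {near[0]}")
    if key.lower().startswith("policies\\explorer\\run"):
        reasons.append("autostart via Policies\\Explorer\\Run")
    return reasons


def triage(lines):
    """Return [(line, [reasons])] for the lines that deserve a closer look."""
    findings = []
    for line in lines:
        line = line.strip()
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = check_autostart(m["key"], m["cmd"])
        else:
            m = O18_RE.match(line)
            if m and m["clsid"] == "(no CLSID)":
                reasons.append("O18 entry without CLSID")
            if m and m["file"] == "(no file)":
                reasons.append("O18 entry without a file")
        if reasons:
            findings.append((line, reasons))
    return findings


# Sample input: lines copied from the logs and the reply in this thread.
SAMPLE = [
    r"O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe",
    r"O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar",
    r'O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"',
    r"O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')",
    r"O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\csrs.exe",
    r"O18 - Filter hijack: text/html - (no CLSID) - (no file)",
]

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE):
        print(line, "->", "; ".join(reasons))
```

A flag here is a prompt to inspect the file and the registry value, not proof of infection; the name list has to be extended before the check is useful on a real log.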
mauro137
Hero

Registered: 26/07/07 16:35
Posts: 49
Location: Finale Emilia

Posted: 27 Jul 2007 12:46

Hi, I ran a scan with HJT as you told me, but the 2 lines to fix are not there.
I'm attaching the scan result anyway:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12.24.00, on 27/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
F:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\Tablet.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
C:\WINDOWS\system32\carpserv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
F:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\Wacom\TabUserW.exe
C:\Programmi\CountDown\CountDown.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\cidaemon.exe
C:\PROGRA~1\DVDREG~1\DVDRegionFree.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Documents and Settings\www\Desktop\Utilità di sitema\HiJackThis_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Smapp] C:\Programmi\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Programmi\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HydraVisionViewport] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraMD.exe
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Programmi\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\FirstStart.exe
O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
O4 - HKLM\..\Run: [LanguageShortcut] C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [Norton Ghost 9.0] F:\Programmi\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Spamihilator] "C:\Programmi\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [OM_Monitor] F:\Programmi\OLYMPUS\OLYMPUS Master\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Advanced Uninstaller PRO Installation Monitor] "C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO 2006 version 7\monitor.exe"
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CountDown.lnk = C:\Programmi\CountDown\CountDown.exe
O4 - Startup: StartupCleaner.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: TabUserW.lnk = C:\Programmi\Wacom\TabUserW.exe
O8 - Extra context menu item: &eBay Search - res://C:\Programmi\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: Apri client su monitor &1 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: Apri client su monitor &2 - C:\WINDOWS\web\AOpenClient.htm
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {E8F0CD02-45B4-4824-901C-98D422FD96DD} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O17 - HKLM\System\CCS\Services\Tcpip\..\{30696ADD-7511-4CBC-A490-8A8934B374BF}: NameServer = 192.168.0.1
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: Norton Ghost - Symantec Corporation - F:\Programmi\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\File comuni\PCSuite\Services\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
O23 - Service: Upsagent - UPS Monitor (Upsagent) - Unknown owner - C:\Programmi\Upsmon\Upsag_nt.exe

--
End of file - 9926 bytes

Panic!!!!
After running the scan with Avenger and rebooting, a DOS window appeared that says:

c:\sistem32\cmd.exe
impossibile trovare il file specificato.
impossibile trovare C:avenger\*.reg
impossibile trovare il file specificato
zip warning: C:backup.zip not found or empty
adding: avenger/backup.reg (188 bytes security) (stored 0%)

and another window that says:
windows - disco non presente
imposs trovare il disco nell'unità

What do I do???
Sante62
Mature God

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Jul 2007 13:19

Hi.
Try running the Avenger script again, but keep your antivirus temporarily disabled, along with any other modules with real-time protection.
Bye.
mauro137
Hero

Registered: 26/07/07 16:35
Posts: 49
Location: Finale Emilia

Posted: 27 Jul 2007 18:48

Hi,
I ran the Kaspersky online scan; I saw 5 viruses and 8 infections. It took almost 5 hours, but here is the result:


KASPERSKY ONLINE SCANNER REPORT
Friday, July 27, 2007 6:29:19 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/07/2007
Kaspersky Anti-Virus database records: 368407


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
J:\
K:\
L:\
M:\
N:\
Z:\

Scan Statistics
Total number of scanned objects 155207
Number of viruses found 4
Number of infected objects 8 / 0
Number of suspicious objects 0
Duration of the scan process 04:56:34

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\www\72273327.dll Infected: Trojan-Clicker.Win32.Agent.hz skipped

C:\Documents and Settings\www\724471.dll Infected: Trojan-Clicker.Win32.Agent.hz skipped

C:\Documents and Settings\www\7683528.dll Infected: Trojan-Clicker.Win32.Agent.hz skipped

C:\Documents and Settings\www\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Cronologia\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Cronologia\History.IE5\MSHist012007072720070728\index.dat Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\bl.db Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Dati applicazioni\Ahead\Nero Home\is2.db Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Dati applicazioni\Identities\{AD0E8246-C146-4E63-9E57-B255ECB16473}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Dati applicazioni\Identities\{AD0E8246-C146-4E63-9E57-B255ECB16473}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Dati applicazioni\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\www\Impostazioni locali\Temp\pa_0264.exe Infected: Packed.Win32.PolyCrypt.b skipped

C:\Documents and Settings\www\Impostazioni locali\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\www\ntuser.dat Object is locked skipped

C:\Documents and Settings\www\ntuser.dat.LOG Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Programmi\Alwil Software\Avast4\DATA\log\Warning.log Infected: Trojan-Downloader.JS.IstBar.x skipped

C:\Programmi\HP\hpcoretech\hpcmerr.log Object is locked skipped

C:\RECYCLER\S-1-5-21-1993962763-261903793-725345543-1007\Dc221.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1993962763-261903793-725345543-1007\Dc222.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1993962763-261903793-725345543-1007\Dc223.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1993962763-261903793-725345543-1007\Dc224.jpg Object is locked skipped

C:\RECYCLER\S-1-5-21-1993962763-261903793-725345543-1007\Dc225.jpg Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped

C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped

C:\System Volume Information\catalog.wci\00010002.ci Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped

C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped

C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped

C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped

C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\WINDOWS\csrs.exe Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\WINDOWS\csrss.dll Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\system32\~.exe Infected: Trojan-Clicker.Win32.Small.kj skipped

C:\WINDOWS\Temp\Perflib_Perfdata_130.dat Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

J:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

K:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

L:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

M:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.




I tried running Avenger again,

but when it started up this window appeared:



Impossibile trovare il file specificato.
Impossibile trovare C:\avenger\*.reg
C:\avenger\backup-27.07.2007-18.34.21,96.zip
C:\avenger\backup.zip
1 file copiati.
"zip" non è riconosciuto come comando interno o esterno,
un programma eseguibile o un file batch.


What do I do now???
Sante62
Mature God

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Jul 2007 19:00

Hi.
Use Avenger again with this script:

Files to delete:
C:\Documents and Settings\www\72273327.dll
C:\Documents and Settings\www\724471.dll
C:\Documents and Settings\www\7683528.dll
C:\Documents and Settings\www\Impostazioni locali\Temp\pa_0264.exe
C:\WINDOWS\system32\~.exe
C:\WINDOWS\csrs.exe
C:\WINDOWS\csrss.dll


If it doesn't work, download ViRit from here:
http://www.tgsoft.it/italy/download.htm
Update it and run a full scan, then report the result here.
PS: Keep in mind that the forum will shortly close for maintenance, so if need be we'll catch up on Sunday.
Bye.
mauro137
Hero

Registered: 26/07/07 16:35
Posts: 49
Location: Finale Emilia

Posted: 27 Jul 2007 19:27

Hi, I did it with Avenger and it gives me this screen:

Impossibile trovare il file specificato.
Impossibile trovare C:\avenger\*.reg
C:\avenger\backup-27.07.2007-18.34.21,96.zip
C:\avenger\backup-27.07.2007-18.40.35,53.zip
1 file copiati.
zip warning: C:/backup.zip not found or empty
adding: avenger/72273327.dll (140 bytes security) (deflated 55%)
adding: avenger/724471.dll (140 bytes security) (deflated 55%)
adding: avenger/7683528.dll (140 bytes security) (deflated 55%)
adding: avenger/avenger.txt (188 bytes security) (deflated 73%)
adding: avenger/backup.reg (188 bytes security) (stored 0%)
adding: avenger/csrss.dll (212 bytes security) (deflated 67%)
adding: avenger/pa_0264.exe (140 bytes security) (deflated 9%)
adding: avenger/~.exe (212 bytes security) (deflated 15%)

I pressed the continue key, then the following log came out:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\c^cdndkv

*******************

Script file located at: \??\C:\Documents and Settings\fxlatjqb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\www\72273327.dll deleted successfully.
File C:\Documents and Settings\www\724471.dll deleted successfully.
File C:\Documents and Settings\www\7683528.dll deleted successfully.
File C:\Documents and Settings\www\Impostazioni locali\Temp\pa_0264.exe deleted successfully.
File C:\WINDOWS\system32\~.exe deleted successfully.


File C:\WINDOWS\csrs.exe not found!
Deletion of file C:\WINDOWS\csrs.exe failed!

Could not process line:
C:\WINDOWS\csrs.exe
Status: 0xc0000034

File C:\WINDOWS\csrss.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Now I'm trying ViRit.
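The scanner report and the Avenger log posted above can be reconciled mechanically to see which detections were actually removed. As an added example (not part of the original thread and not code from Kaspersky or Avenger), this Python code matches each "Infected:" line of the report against the outcome recorded in the Avenger log; the function names are assumptions, the two inputs are excerpts copied from the thread, and 0xC0000034 is the NTSTATUS value STATUS_OBJECT_NAME_NOT_FOUND.

```python
import re

# Excerpt of the Kaspersky report posted in this thread: all "Infected:" lines
# plus two of the "Object is locked" lines, which must be ignored.
REPORT = r"""
C:\Documents and Settings\www\72273327.dll Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\www\724471.dll Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\www\7683528.dll Infected: Trojan-Clicker.Win32.Agent.hz skipped
C:\Documents and Settings\www\ntuser.dat Object is locked skipped
C:\Documents and Settings\www\Impostazioni locali\Temp\pa_0264.exe Infected: Packed.Win32.PolyCrypt.b skipped
C:\Programmi\Alwil Software\Avast4\DATA\log\Warning.log Infected: Trojan-Downloader.JS.IstBar.x skipped
C:\WINDOWS\csrs.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\WINDOWS\csrss.dll Infected: Trojan-Clicker.Win32.Small.kj skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\~.exe Infected: Trojan-Clicker.Win32.Small.kj skipped
"""

# Result section of the Avenger log posted in this thread.
AVENGER_LOG = r"""
File C:\Documents and Settings\www\72273327.dll deleted successfully.
File C:\Documents and Settings\www\724471.dll deleted successfully.
File C:\Documents and Settings\www\7683528.dll deleted successfully.
File C:\Documents and Settings\www\Impostazioni locali\Temp\pa_0264.exe deleted successfully.
File C:\WINDOWS\system32\~.exe deleted successfully.
File C:\WINDOWS\csrs.exe not found!
Deletion of file C:\WINDOWS\csrs.exe failed!
Could not process line:
C:\WINDOWS\csrs.exe
Status: 0xc0000034
File C:\WINDOWS\csrss.dll deleted successfully.
"""

INFECTED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<name>\S+) skipped$")
DELETED_RE = re.compile(r"^File (?P<path>.+) deleted successfully\.$")
MISSING_RE = re.compile(r"^File (?P<path>.+) not found!$")
STATUS_RE = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")
NTSTATUS = {0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND"}


def parse_report(text):
    """Map lower-cased path -> (path, detection name) for 'Infected:' lines only."""
    found = {}
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            found[m["path"].lower()] = (m["path"], m["name"])
    return found


def parse_avenger(text):
    """Return ({lower-cased path: outcome}, [NTSTATUS codes]) from an Avenger log."""
    outcome, codes = {}, []
    for line in text.splitlines():
        line = line.strip()
        if (m := DELETED_RE.match(line)):
            outcome[m["path"].lower()] = "deleted"
        elif (m := MISSING_RE.match(line)):
            outcome[m["path"].lower()] = "not found"
        elif (m := STATUS_RE.match(line)):
            codes.append(int(m[1], 16))
    return outcome, codes


def reconcile(report_text, log_text):
    """Pair every detection with what the removal log says happened to it."""
    detections = parse_report(report_text)
    outcome, codes = parse_avenger(log_text)
    rows = [(path, name, outcome.get(key, "not in script"))
            for key, (path, name) in detections.items()]
    return rows, [NTSTATUS.get(c, hex(c)) for c in codes]


def outstanding(rows):
    """Detections the log does not confirm as deleted."""
    return [path for path, _, state in rows if state != "deleted"]


if __name__ == "__main__":
    rows, statuses = reconcile(REPORT, AVENGER_LOG)
    for path, name, state in rows:
        print(f"{state:14} {name:32} {path}")
    print("NTSTATUS seen:", statuses)
```

"not found" means the path did not exist when the script ran, and "not in script" means the detection was never targeted; both are resolved by a fresh scan, not by the removal log.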
Sante62
Mature God

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Jul 2007 21:00

Good.
How is the PC doing now?
Are you still having problems?
Clean out the useless files with CCleaner and ATF Cleaner.
You can also find them at www.filehippo.com
Bye.
mauro137
Hero

Registered: 26/07/07 16:35
Posts: 49
Location: Finale Emilia

Posted: 27 Jul 2007 21:06

Hi,
now it seems to be working fine, the window at startup no longer appears,
although ViRit seems to have found and removed the virus,
but when I launch it the scan runs for a while and then it closes by itself.

Bye, and thank you so much.
Sante62
Mature God

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 27 Jul 2007 21:24

Try running the scan with ViRit from Safe Mode.
I don't think it's normal for it to close by itself; then post the result here.
Bye.
aris73
Hero in the gods' favor

Registered: 26/04/07 22:33
Posts: 102

Posted: 27 Jul 2007 22:15

I'd say you could run a scan with SUPERAntiSpyware from Safe Mode: http://www.superantispyware.com/downloadfile.html?productid=SUPERANTISPYWAREFREE
updating it first, of course.
mauro137
Hero

Registered: 26/07/07 16:35
Posts: 49
Location: Finale Emilia

Posted: 31 Jul 2007 06:48

Hi,
I managed to finish the scan with ViRit.
The problem that was hanging the program and making it close was a file with an excessively long name; deleting it was enough and the software completed the scan.
Now the PC seems to be working fine; at least since Friday evening there have been no more problems.
Thank you so much for your help.
Regards, Mauro137
Sante62
Mature God

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 31 Jul 2007 11:00

Excellent.
Bye.
All times are GMT + 2 hours