sagittarjo (Hero in the gods' favour)
Registered: 19/12/07 13:51
Posts: 78
Posted: 19 Dec 2007 14:39    Subject: dialer.instant_access

Hi everyone. Unfortunately I've caught this nasty disease.
Can you help me?
This is my hijack log, or whatever it's called
   
 Scan saved at 13.37.55, on 19/12/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
 Running processes:
 D:\WINDOWS\System32\smss.exe
 D:\WINDOWS\system32\csrss.exe
 D:\WINDOWS\system32\winlogon.exe
 D:\WINDOWS\system32\services.exe
 D:\WINDOWS\system32\lsass.exe
 D:\WINDOWS\system32\Ati2evxx.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\System32\svchost.exe
 D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\Ati2evxx.exe
 D:\WINDOWS\system32\spoolsv.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 D:\WINDOWS\Explorer.EXE
 D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
 D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
 D:\WINDOWS\RTHDCPL.EXE
 D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
 D:\WINDOWS\AGRSMMSG.exe
 D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
 D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 D:\Programmi\Spyware Doctor\SDTrayApp.exe
 D:\WINDOWS\system32\ctfmon.exe
 D:\Programmi\Skype\Phone\Skype.exe
 D:\Programmi\Messenger\msmsgs.exe
 D:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
 D:\Programmi\Google\Google Updater\GoogleUpdater.exe
 D:\Programmi\Last.fm\LastFMHelper.exe
 D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
 D:\Programmi\Skype\Plugin Manager\skypePM.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 D:\Programmi\File comuni\LightScribe\LSSrvc.exe
 D:\Programmi\Spyware Doctor\svcntaux.exe
 D:\Programmi\Spyware Doctor\swdsvc.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\System32\alg.exe
 D:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
 D:\Programmi\Mozilla Firefox\firefox.exe
 D:\DOCUME~1\Marco\IMPOST~1\Temp\Directory temporanea 5 per hijackthis_199.zip\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inter.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
 O4 - HKLM\..\Run: [RemoteControl] "D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [StartCCC] D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [EDS] D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SDTray] "D:\Programmi\Spyware Doctor\SDTrayApp.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - Startup: Adobe Gamma.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: Google Updater.lnk = D:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Last.fm Helper.lnk = D:\Programmi\Last.fm\LastFMHelper.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a periferica &Bluetooth... - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Adobe LM Service - Adobe Systems - D:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 O23 - Service: Google Updater Service (gusvc) - Google - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\swdsvc.exe
 
Thanks

sagittarjo
Posted: 19 Dec 2007 15:50    Subject: no reply

Sorry, I have only just read some of the notices and rules of the blog. I will now give you more information and a cleaner hijack log.
My PC has 2 operating systems, XP and Vista; I caught the viruses on XP, and I ran the scans with Spyware Doctor, Avira and Spybot Search & Destroy on XP. With Spybot I removed certain infections, and my Spyware Doctor diagnosis went down from 13 infections (including a Trojan horse) to 3 infections (dialer). I also scanned from Vista with McAfee and managed to remove other infections.
Afterwards I made the hijack log and removed 3 entries, as had been suggested to me in the interpretation of the log. Despite that, I still have 3 infections (dialer.instant_access) from the Spyware Doctor scan. I hope I haven't messed up the situation too much.
Now I'll give you the hijack log again, after closing the programs:

sagittarjo
Posted: 19 Dec 2007 15:56    Subject: log

 Scan saved at 14.52.25, on 19/12/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
 Running processes:
 D:\WINDOWS\System32\smss.exe
 D:\WINDOWS\system32\csrss.exe
 D:\WINDOWS\system32\winlogon.exe
 D:\WINDOWS\system32\services.exe
 D:\WINDOWS\system32\lsass.exe
 D:\WINDOWS\system32\Ati2evxx.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\System32\svchost.exe
 D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\Ati2evxx.exe
 D:\WINDOWS\system32\spoolsv.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 D:\WINDOWS\Explorer.EXE
 D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
 D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
 D:\WINDOWS\RTHDCPL.EXE
 D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
 D:\WINDOWS\AGRSMMSG.exe
 D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
 D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 D:\Programmi\Spyware Doctor\SDTrayApp.exe
 D:\WINDOWS\system32\ctfmon.exe
 D:\Programmi\Messenger\msmsgs.exe
 D:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
 D:\Programmi\Google\Google Updater\GoogleUpdater.exe
 D:\Programmi\Last.fm\LastFMHelper.exe
 D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 D:\Programmi\File comuni\LightScribe\LSSrvc.exe
 D:\Programmi\Spyware Doctor\svcntaux.exe
 D:\Programmi\Spyware Doctor\swdsvc.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\System32\alg.exe
 D:\Programmi\Mozilla Firefox\firefox.exe
 D:\DOCUME~1\Marco\IMPOST~1\Temp\Directory temporanea 4 per hijackthis_199.zip\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inter.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
 O4 - HKLM\..\Run: [RemoteControl] "D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [StartCCC] D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [EDS] D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SDTray] "D:\Programmi\Spyware Doctor\SDTrayApp.exe"
 O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - Startup: Adobe Gamma.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: Google Updater.lnk = D:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Last.fm Helper.lnk = D:\Programmi\Last.fm\LastFMHelper.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a periferica &Bluetooth... - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Adobe LM Service - Adobe Systems - D:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 O23 - Service: Google Updater Service (gusvc) - Google - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\swdsvc.exe
 
Sorry for the confusion, here it is, and thanks

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

sagittarjo
Posted: 19 Dec 2007 16:51    Subject: findAWS log

OK, I think AWS didn't find anything; here are the results:
 Version 1.40
 
 
 
 bak folders found
 ~~~~~~~~~~~
 
 
 
 Duplicate files of bak directory contents
 ~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 end of report
 
Now I'll try with gmer; thanks in the meantime

sagittarjo
Posted: 19 Dec 2007 17:14    Subject: 1) gmer

Here is the result of the first pass with gmer: gmer log.txt

Now I'll proceed with the second one

sagittarjo
Posted: 19 Dec 2007 17:39    Subject: Re: 2) gmer

Unfortunately I can't complete the second pass with gmer: after 4 min. of the rootkit scan my system halts; I've already tried 3 times

Sante62 (Mature god)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia
Posted: 19 Dec 2007 18:05    Subject: Re: 2) gmer

sagittarjo wrote:
"Unfortunately I can't complete the second pass with gmer: after 4 min. of the rootkit scan my system halts; I've already tried 3 times"

That is definitely not a good sign...
Download Virit
Update it using the satellite-dish icon in the top bar and have it run a full scan of the PC.
Set it to automatically remove the infected files it finds.
Don't forget to temporarily disable your antivirus.
Then paste the result here. Then install a firewall by following this discussion

sagittarjo
Posted: 19 Dec 2007 20:23    Subject: VirIT log

Hi Sante62, and thanks for the help, but unfortunately the Spyware Doctor scan keeps reporting 3 dialer infections. Here is the VirIT log:
 
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 19/12/2007 - 17:47:20
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 0.
 Files Sospetti: 0.
 Files Analizzati: 5855.
 Files Totali: 5855.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 0.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------
 19/12/2007 - 17:52:43
 
 [SCANSIONE DEL REGISTRO]
 OK
 
 [C:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 
 [D:]
 MASTER BOOT RECORD: OK
 BOOT SECTOR: OK
 
 D:\Documents and Settings\Marco\Dati applicazioni\setup_it[1].exe Infetto da FraudTool.PulituraSystem.A
 * * *  RIMOSSO  * * *
 D:\Documents and Settings\Marco\Impostazioni locali\Temporary Internet Files\Content.IE5\OGSZEZRX\setup_it[1].exe Infetto da FraudTool.PulituraSystem.A
 * * *  RIMOSSO  * * *
 
 [E:]
 
 
 Chiavi Registro infette: 0.
 Files Infetti: 2.
 Files Sospetti: 0.
 Files Analizzati: 135079.
 Files Totali: 135079.
 Chiavi Registro rimosse: 0.
 Virus Rimossi: 2.
 
 [SCANSIONE DELLA MEMORIA]
 OK
 --------------------------------------------------------

Sante62
Posted: 19 Dec 2007 20:32    Subject: Re: VirIT log

sagittarjo wrote:
"Hi Sante62, and thanks for the help, but unfortunately the Spyware Doctor scan keeps reporting 3 dialer infections. Here is the VirIT log:"

Even after the scan with Virit?
Try redoing the second pass with GMER. In the meantime, post a new Hijackthis log and run a scan with Spybot as well. See whether it reports anything and fix any problems it finds.

sagittarjo
Posted: 20 Dec 2007 02:19    Subject: gmer logs 1 and 2

OK, here I am again, but do you work at night too??? So, I scanned with spotware, which removed Drive Cleaner 2006
then a scan with VirIT, which removed 2 fraudtool.puliturasystem.a infections
then a scan with McAfee, which removed 2 measly cookies
then the hijack log did not show anything in particular, apart from 3 entries that are fairly suspicious but not red
then the gmail log, second pass interrupted again, so I tried switching operating system, since XP is more infected than Vista, and that way I managed it; here are the results from freefilehosting:
log di gmer 1.txt

and the second pass:
log di gmer 2.txt

See you later, and thanks

sagittarjo
Posted: 20 Dec 2007 02:21    Subject: p.s.

I forgot: XP is getting slower and slower

Sante62
Posted: 20 Dec 2007 09:25    Subject:

Nothing shows up in the GMER logs. Then look at this discussion about RogueRemover, Combofix and SmithFraudFix. Download them all and scan the PC, posting the respective results. At the end, also post a new Hijackthis log.

sagittarjo
Posted: 20 Dec 2007 14:45    Subject: rr, combofix, fraud

So, first of all, good morning. I did everything; RogueRemover scanned in one second (is that normal?), and Combofix and fraud were quick too. This is hijack afterwards:
 Scan saved at 13.33.50, on 20/12/2007
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v7.00 (7.00.6000.16574)
 
 Running processes:
 D:\WINDOWS\System32\smss.exe
 D:\WINDOWS\system32\csrss.exe
 D:\WINDOWS\system32\winlogon.exe
 D:\WINDOWS\system32\services.exe
 D:\WINDOWS\system32\lsass.exe
 D:\WINDOWS\system32\Ati2evxx.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\System32\svchost.exe
 D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\svchost.exe
 D:\WINDOWS\system32\Ati2evxx.exe
 D:\WINDOWS\system32\spoolsv.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 D:\WINDOWS\Explorer.EXE
 D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe
 D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
 D:\WINDOWS\RTHDCPL.EXE
 D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
 D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
 D:\WINDOWS\AGRSMMSG.exe
 D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
 D:\Programmi\Spyware Doctor\SDTrayApp.exe
 D:\VEXPLITE\MONLITE.EXE
 D:\Programmi\COMODO\Firewall\cfp.exe
 D:\WINDOWS\system32\ctfmon.exe
 D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 D:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
 D:\Programmi\Google\Google Updater\GoogleUpdater.exe
 D:\Programmi\Last.fm\LastFMHelper.exe
 D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
 D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 D:\Programmi\COMODO\Firewall\cmdagent.exe
 D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 D:\Programmi\File comuni\LightScribe\LSSrvc.exe
 D:\Programmi\Spyware Doctor\svcntaux.exe
 D:\Programmi\Spyware Doctor\swdsvc.exe
 D:\WINDOWS\system32\svchost.exe
 D:\VEXPLITE\viritsvc.exe
 D:\WINDOWS\System32\alg.exe
 D:\Programmi\Mozilla Firefox\firefox.exe
 D:\VEXPLITE\VIRITEXP.EXE
 D:\WINDOWS\system32\wuauclt.exe
 D:\DOCUME~1\Marco\IMPOST~1\Temp\Directory temporanea 1 per hijackthis_199.zip\HijackThis.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.inter.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - D:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O4 - HKLM\..\Run: [GrooveMonitor] "D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
 O4 - HKLM\..\Run: [RemoteControl] "D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
 O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [StartCCC] D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
 O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
 O4 - HKLM\..\Run: [EDS] D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [SynTPEnh] D:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [avgnt] "D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SDTray] "D:\Programmi\Spyware Doctor\SDTrayApp.exe"
 O4 - HKLM\..\Run: [VIRIT LITE MONITOR] D:\VEXPLITE\MONLITE.EXE
 O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Programmi\COMODO\Firewall\cfp.exe" -s
 O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [Skype] "D:\Programmi\Skype\Phone\Skype.exe" /nosplash /minimized
 O4 - HKCU\..\Run: [MSMSGS] "D:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - Startup: Adobe Gamma.lnk = D:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: Google Updater.lnk = D:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O4 - Global Startup: Last.fm Helper.lnk = D:\Programmi\Last.fm\LastFMHelper.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a periferica &Bluetooth... - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
 O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
 O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
 O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie.htm
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Programmi\Messenger\msmsgs.exe
 O11 - Options group: [INTERNATIONAL] International*
 O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
 O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - D:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
 O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
 O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - D:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
 O20 - AppInit_DLLs:  D:\WINDOWS\system32\guard32.dll
 O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll
 O23 - Service: Adobe LM Service - Adobe Systems - D:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - D:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - COMODO - D:\Programmi\COMODO\Firewall\cmdagent.exe
 O23 - Service: Google Updater Service (gusvc) - Google - D:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Programmi\Spyware Doctor\swdsvc.exe
 O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas   www.tgsoft.it - D:\VEXPLITE\viritsvc.exe
 
 this is combofix:
 
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.1142 [GMT 1:00]
 Eseguito da: D:\Documents and Settings\Marco\Desktop\ComboFix(2).exe
 * Creato nuovo punto di ripristino
 .
 The following files were disabled during the run:
 D:\WINDOWS\system32\guard32.dll
 
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 D:\Documents and Settings\All Users\Desktop\webmediaplayer.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi.\WebMediaPlayer
 D:\Documents and Settings\All Users\Menu Avvio\Programmi.\WebMediaPlayer\Privacy Policy.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi.\WebMediaPlayer\Terms and conditions.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi.\WebMediaPlayer\WebMediaPlayer.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi.\WebMediaPlayer\Website.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Privacy Policy.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Terms and conditions.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\WebMediaPlayer.lnk
 D:\Documents and Settings\All Users\Menu Avvio\Programmi\WebMediaPlayer\Website.lnk
 D:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\rvpwovvek.dat
 D:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\rvpwovvek_nav.dat
 D:\Documents and Settings\Marco\Impostazioni locali\Dati applicazioni\rvpwovvek_navps.dat
 D:\Programmi\webmediaplayer
 D:\Programmi\webmediaplayer\Privacy Policy.url
 D:\Programmi\webmediaplayer\resources\languages_v2.xml
 D:\Programmi\webmediaplayer\resources\webmedias
 D:\Programmi\webmediaplayer\skins\classic.skn
 D:\Programmi\webmediaplayer\sqlite3.dll
 D:\Programmi\webmediaplayer\Terms and conditions.url
 D:\Programmi\webmediaplayer\uninst.exe
 D:\Programmi\webmediaplayer\WebMediaPlayer.exe
 D:\Programmi\webmediaplayer\Website.url
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2007-11-20 al 2007-12-20  )))))))))))))))))))))))))))))))))))
 .
 
 2007-12-20 12:16 . 2007-12-20 12:17	<DIR>	d--------	D:\Programmi\RogueRemover FREE
 2007-12-19 18:58 . 2007-12-19 18:58	<DIR>	d--------	D:\Programmi\COMODO
 2007-12-19 18:58 . 2007-12-19 18:58	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\Comodo
 2007-12-19 18:58 . 2007-12-19 19:02	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\comodo
 2007-12-19 18:58 . 2007-12-19 18:58	139,008	--a------	D:\WINDOWS\system32\guard32.dll.vir
 2007-12-19 18:58 . 2007-12-19 18:58	81,272	--a------	D:\WINDOWS\system32\drivers\cmdGuard.sys
 2007-12-19 18:58 . 2007-12-19 18:58	23,672	--a------	D:\WINDOWS\system32\drivers\cmdhlp.sys
 2007-12-19 17:44 . 2007-10-10 09:00	36,096	--a------	D:\WINDOWS\system32\drivers\VIRAGTLT.SYS
 2007-12-19 17:43 . 2007-12-19 18:23	<DIR>	d--------	D:\VEXPLITE
 2007-12-19 16:02 . 2007-12-20 00:21	250	--a------	D:\WINDOWS\gmer.ini
 2007-12-19 16:00 . 2007-12-19 16:01	<DIR>	d--------	D:\Programmi\GMER
 2007-12-18 23:06 . 2007-12-18 23:24	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
 2007-12-18 22:29 . 2007-12-18 22:29	<DIR>	dr-------	D:\Documents and Settings\LocalService\Preferiti
 2007-12-18 22:29 . 2007-12-18 22:29	<DIR>	d--------	D:\Documents and Settings\LocalService\Dati applicazioni\Talkback
 2007-12-18 20:32 . 2007-12-20 12:30	<DIR>	d--------	D:\Programmi\Spyware Doctor
 2007-12-18 20:32 . 2007-12-18 20:32	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\PC Tools
 2007-12-18 20:32 . 2007-12-19 12:03	74,240	--a------	D:\WINDOWS\system32\drivers\iksyssec.sys
 2007-12-18 20:32 . 2007-12-19 12:03	56,832	--a------	D:\WINDOWS\system32\drivers\iksysflt.sys
 2007-12-18 20:32 . 2007-10-18 00:14	41,288	--a------	D:\WINDOWS\system32\drivers\ikfilesec.sys
 2007-12-18 20:32 . 2007-10-18 00:16	29,000	--a------	D:\WINDOWS\system32\drivers\kcom.sys
 2007-12-18 13:26 . 2007-12-20 12:09	<DIR>	d-a------	D:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2007-12-18 13:25 . 2005-09-23 07:29	626,688	--a------	D:\WINDOWS\system32\msvcr80.dll
 2007-12-18 13:25 . 2005-07-06 17:13	499,712	--a------	D:\WINDOWS\system32\msvcp71.dll
 2007-12-18 13:24 . 2007-12-19 15:40	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2007-12-18 13:11 . 2007-12-18 13:11	0	--a------	D:\WINDOWS\nsreg.dat
 2007-12-18 12:39 . 2007-12-18 12:39	<DIR>	d--------	D:\Programmi\File comuni\SenzaDoppioni
 2007-12-18 12:39 . 2004-10-07 13:39	89,088	--a------	D:\WINDOWS\system32\atl71.dll
 2007-12-17 23:58 . 2007-12-18 13:19	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\SITEguard
 2007-12-17 23:57 . 2007-12-17 23:57	<DIR>	d--------	D:\Programmi\File comuni\iS3
 2007-12-17 23:57 . 2007-12-18 13:41	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\STOPzilla!
 2007-12-17 19:26 . 2007-12-17 19:26	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Grisoft
 2007-12-13 19:26 . 2007-12-18 13:53	<DIR>	d--------	D:\WINDOWS\SxsCaPendDel
 2007-12-12 20:16 . 2007-10-21 18:33	241,664	--a------	D:\WINDOWS\system32\UCLiveSocket.dll
 2007-12-12 20:14 . 2007-10-21 19:24	577,536	--a------	D:\WINDOWS\system32\UCLiveCtrl.ocx
 2007-12-12 16:31 . 2007-10-21 19:24	159,744	--a------	D:\WINDOWS\system32\UCLiveCore.dll
 2007-12-12 16:31 . 2007-12-12 16:31	0	--a------	D:\WINDOWS\system32\~GLH0002.TMP
 2007-12-11 23:34 . 2007-12-11 23:34	1,044,480	--a------	D:\WINDOWS\system32\libdivx.dll
 2007-12-11 23:34 . 2007-12-11 23:34	200,704	--a------	D:\WINDOWS\system32\ssldivx.dll
 2007-12-11 17:47 . 2007-12-11 17:47	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\Babylon
 2007-12-11 17:47 . 2007-12-11 17:47	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Babylon
 2007-12-11 17:14 . 2007-12-11 17:14	<DIR>	d--------	D:\Programmi\File comuni\Synacast
 2007-12-11 17:14 . 2007-12-11 17:14	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\PPMate
 2007-12-10 23:59 . 2007-12-13 12:46	<DIR>	d--------	D:\Programmi\DivX
 2007-12-10 15:51 . 2007-12-10 15:51	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\Media Player Classic
 2007-12-10 15:20 . 2007-12-10 15:20	<DIR>	d--------	D:\Programmi\Windows Media Connect 2
 2007-12-10 15:19 . 2007-12-10 15:19	<DIR>	d--------	D:\WINDOWS\system32\LogFiles
 2007-12-10 15:19 . 2007-12-10 15:20	<DIR>	d--------	D:\WINDOWS\system32\drivers\UMDF
 2007-12-10 01:40 . 2007-12-13 15:39	69	--a------	D:\WINDOWS\NeroDigital.ini
 2007-12-10 01:27 . 2007-12-10 01:29	<DIR>	d--------	D:\WINDOWS\system32\NtmsData
 2007-12-10 00:06 . 2007-12-11 16:42	<DIR>	d--------	D:\Programmi\eMule
 2007-12-09 22:51 . 2007-12-09 22:52	<DIR>	d--------	D:\Programmi\TVUPlayer
 2007-12-09 22:51 . 2007-12-09 22:52	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\TVU Networks
 2007-12-09 15:30 . 2007-12-09 15:30	<DIR>	d--h-----	D:\WINDOWS\PIF
 2007-12-09 13:37 . 2007-12-11 21:57	13	--a------	D:\WINDOWS\msgtn.ini
 2007-12-09 13:36 . 2007-12-13 10:22	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\ppstream
 2007-12-09 13:36 . 2006-04-20 12:51	359,808	--a------	D:\WINDOWS\system32\drivers\tcpip.sys.old
 2007-12-08 22:05 . 2007-12-08 22:05	<DIR>	d--------	D:\Programmi\K-Lite Codec Pack
 2007-12-08 21:54 . 2007-12-08 21:54	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\CyberLink
 2007-12-08 21:53 . 2007-12-08 21:53	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\CyberLink
 2007-12-08 21:49 . 2007-12-18 13:24	<DIR>	d--------	D:\Programmi\Google
 2007-12-08 21:39 . 2004-08-03 23:10	85,376	--a------	D:\WINDOWS\system32\drivers\NABTSFEC.sys
 2007-12-08 21:38 . 2001-08-17 22:05	314,752	--a------	D:\WINDOWS\system32\drivers\CamDrO21.sys
 2007-12-08 21:35 . 2007-12-20 12:09	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\skypePM
 2007-12-08 21:35 . 2007-12-08 21:35	32	--a------	D:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
 2007-12-08 21:33 . 2007-12-08 21:33	<DIR>	d--------	D:\Programmi\Skype
 2007-12-08 21:33 . 2007-12-08 21:33	<DIR>	d--------	D:\Programmi\File comuni\Skype
 2007-12-08 21:33 . 2007-12-20 12:10	<DIR>	d--------	D:\Documents and Settings\Marco\Dati applicazioni\Skype
 2007-12-08 21:32 . 2007-12-08 21:33	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Skype
 2007-12-08 21:24 . 2007-12-08 21:24	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Last.fm
 2007-12-08 21:20 . 2007-12-08 21:20	<DIR>	d--------	D:\Programmi\Last.fm
 2007-12-08 20:23 . 2007-12-08 20:23	<DIR>	d--------	D:\Programmi\Avira
 2007-12-08 20:23 . 2007-12-08 20:23	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Avira
 2007-12-06 04:25 . 2007-12-06 04:37	<DIR>	d--------	D:\SamsungRecovery
 2007-11-29 22:30 . 2007-11-29 22:30	<DIR>	dr-h-----	D:\MSOCache
 2007-11-29 19:09 . 2007-11-29 19:09	<DIR>	d--------	D:\Programmi\File comuni\Adobe Systems Shared
 2007-11-29 19:09 . 2007-11-29 19:09	<DIR>	d--------	D:\Documents and Settings\All Users\Dati applicazioni\Adobe Systems
 2007-11-29 18:12 . 2007-12-12 13:44	<DIR>	d--h-----	D:\WINDOWS\$hf_mig$
 2007-11-29 18:09 . 2007-11-29 18:09	<DIR>	d--hs----	D:\Documents and Settings\Marco\UserData
 2007-11-29 18:09 . 2007-11-29 18:09	13,646	--a------	D:\WINDOWS\system32\wpa.bak
 2007-11-29 18:05 . 2007-11-29 18:05	<DIR>	d--------	D:\WINDOWS\system32\Lang
 2007-11-29 18:05 . 2007-11-29 18:05	940,794	--a------	D:\WINDOWS\system32\LoopyMusic.wav
 2007-11-29 18:05 . 2007-11-29 18:05	146,650	--a------	D:\WINDOWS\system32\BuzzingBee.wav
 2007-11-29 18:03 . 2007-11-29 18:03	<DIR>	d--------	D:\Programmi\Synaptics
 2007-11-29 18:03 . 2007-11-29 18:02	191,936	--a------	D:\WINDOWS\system32\drivers\SynTP.sys
 2007-11-29 18:03 . 2007-11-29 18:02	114,688	--a------	D:\WINDOWS\system32\SynCtrl.dll
 2007-11-29 18:03 . 2007-11-29 18:02	94,299	--a------	D:\WINDOWS\system32\SynTPAPI.dll
 2007-11-29 18:03 . 2007-11-29 18:02	82,014	--a------	D:\WINDOWS\system32\SynCOM.dll
 2007-11-29 18:03 . 2007-11-29 18:02	81,920	--a------	D:\WINDOWS\system32\SynTPCo2.dll
 2007-11-29 18:03 . 2007-11-29 18:02	69,723	--a------	D:\WINDOWS\system32\SynTPFcs.dll
 2007-11-29 18:02 . 2007-11-29 18:02	<DIR>	d--------	D:\Documents and Settings\Marco\Bluetooth Software
 2007-11-29 18:01 . 2007-11-29 18:01	<DIR>	d--------	D:\Programmi\WIDCOMM
 2007-11-29 18:01 . 2007-11-29 18:00	876,384	--a------	D:\WINDOWS\system32\drivers\btkrnl.sys
 2007-11-29 18:01 . 2007-11-29 18:00	539,072	--a------	D:\WINDOWS\system32\drivers\btaudio.sys
 2007-11-29 18:01 . 2007-11-29 18:00	149,123	--a------	D:\WINDOWS\system32\drivers\btwdndis.sys
 2007-11-29 18:01 . 2007-11-29 18:01	106,557	--a------	D:\WINDOWS\system32\btw_ci.dll
 2007-11-29 18:01 . 2007-11-29 18:01	67,960	--a------	D:\WINDOWS\system32\drivers\btwusb.sys
 2007-11-29 18:01 . 2007-11-29 18:00	37,424	--a------	D:\WINDOWS\system32\drivers\btport.sys
 2007-11-29 18:01 . 2007-11-29 18:01	37,280	--a------	D:\WINDOWS\system32\drivers\btwmodem.sys
 2007-11-29 18:00 . 2007-11-29 18:00	<DIR>	d--------	D:\WINDOWS\Options
 2007-11-29 18:00 . 2007-11-29 17:59	68,608	---------	D:\WINDOWS\system32\agrsmdel.exe
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2007-11-29 17:01	86,016	----a-w	D:\WINDOWS\system32\BtMmHook.dll
 2007-11-29 17:01	3,182,592	----a-w	D:\WINDOWS\system32\btrez.dll
 2007-11-29 16:59	89,542	----a-w	D:\WINDOWS\AGRSMMSG.exe
 2007-11-29 16:59	68,608	----a-w	D:\WINDOWS\agrsmdel.exe
 2007-11-29 16:59	1,161,152	----a-w	D:\WINDOWS\system32\drivers\AGRSM.sys
 2007-11-29 16:38	315,392	----a-w	D:\WINDOWS\HideWin.exe
 2007-11-29 16:37	9,715,200	----a-w	D:\WINDOWS\RTLCPL.exe
 2007-11-29 16:37	86,016	----a-w	D:\WINDOWS\SoundMan.exe
 2007-11-29 16:37	69,632	----a-w	D:\WINDOWS\Alcmtr.exe
 2007-11-29 16:37	520,192	----a-w	D:\WINDOWS\RtlExUpd.dll
 2007-11-29 16:37	49,152	----a-w	D:\WINDOWS\system32\ChCfg.exe
 2007-11-29 16:37	4,449,280	----a-w	D:\WINDOWS\system32\drivers\RtkHDAud.sys
 2007-11-29 16:37	2,808,832	----a-w	D:\WINDOWS\alcwzrd.exe
 2007-11-29 16:37	2,165,760	----a-w	D:\WINDOWS\MicCal.exe
 2007-11-29 16:37	16,380,416	----a-w	D:\WINDOWS\RTHDCPL.exe
 2007-11-29 16:37	1,826,816	----a-w	D:\WINDOWS\SkyTel.exe
 2007-11-29 16:37	1,191,936	----a-w	D:\WINDOWS\RtlUpd.exe
 2007-11-29 16:36	249,856	----a-w	D:\WINDOWS\system32\drivers\yk51x86.sys
 2007-11-29 16:09	929	----a-w	D:\WINDOWS\system32\drivers\ativcaxx.vp
 2007-11-29 16:09	8,241,152	----a-w	D:\WINDOWS\system32\atioglx2.dll
 2007-11-29 16:09	53,248	----a-w	D:\WINDOWS\system32\ATIDDC.DLL
 2007-11-29 16:09	5,435,392	----a-w	D:\WINDOWS\system32\atioglxx.dll
 2007-11-29 16:09	49,152	----a-w	D:\WINDOWS\system32\drivers\ati2erec.dll
 2007-11-29 16:09	483,328	----a-w	D:\WINDOWS\system32\ati2evxx.exe
 2007-11-29 16:09	450,560	----a-w	D:\WINDOWS\system32\ati2cqag.dll
 2007-11-29 16:09	45,296	----a-w	D:\WINDOWS\system32\drivers\ativvpxx.vp
 2007-11-29 16:09	43,520	----a-w	D:\WINDOWS\system32\ati2edxx.dll
 2007-11-29 16:09	344,064	----a-w	D:\WINDOWS\system32\ATIDEMGX.dll
 2007-11-29 16:09	307,200	----a-w	D:\WINDOWS\system32\atiiiexx.dll
 2007-11-29 16:09	3,067,712	----a-w	D:\WINDOWS\system32\ati3duag.dll
 2007-11-29 16:09	269,312	----a-w	D:\WINDOWS\system32\ati2dvag.dll
 2007-11-29 16:09	266,240	----a-w	D:\WINDOWS\system32\atikvmag.dll
 2007-11-29 16:09	26,112	----a-w	D:\WINDOWS\system32\Ati2mdxx.exe
 2007-11-29 16:09	2,372,096	----a-w	D:\WINDOWS\system32\drivers\ati2mtag.sys
 2007-11-29 16:09	2,096	----a-w	D:\WINDOWS\system32\drivers\ativdkxx.vp
 2007-11-29 16:09	2,096	----a-w	D:\WINDOWS\system32\drivers\ativckxx.vp
 2007-11-29 16:09	176,128	----a-w	D:\WINDOWS\system32\atiok3x2.dll
 2007-11-29 16:09	17,408	----a-w	D:\WINDOWS\system32\atitvo32.dll
 2007-11-29 16:09	143,360	----a-w	D:\WINDOWS\system32\atipdlxx.dll
 2007-11-29 16:09	118,784	----a-w	D:\WINDOWS\system32\ati2evxx.dll
 2007-11-29 16:09	1,550,208	----a-w	D:\WINDOWS\system32\ativvaxx.dll
 2007-11-29 16:09	1,311,202	----a-w	D:\WINDOWS\system32\drivers\ativcaxx.cpa
 2007-11-27 02:48	---------	d-----w	D:\Programmi\File comuni\SpeechEngines
 2007-11-27 02:48	---------	d-----w	D:\Programmi\File comuni\ODBC
 2007-11-27 02:03	---------	d-----w	D:\Programmi\microsoft frontpage
 2007-11-27 02:01	---------	d-----w	D:\Programmi\Servizi in linea
 2007-11-27 02:00	---------	d-----w	D:\Programmi\File comuni\MSSoap
 2007-11-13 10:25	20,480	----a-w	D:\WINDOWS\system32\drivers\secdrv.sys
 2007-10-29 22:42	1,292,800	----a-w	D:\WINDOWS\system32\quartz.dll
 2007-10-25 08:28	222,720	----a-w	D:\WINDOWS\system32\wmasf.dll
 2007-09-28 16:07	3,596,288	----a-w	D:\WINDOWS\system32\qt-dx331.dll
 2007-09-28 16:05	81,920	----a-w	D:\WINDOWS\system32\dpl100.dll
 2007-09-28 16:05	739,840	----a-w	D:\WINDOWS\system32\divx.dll
 .
 
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="D:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39]
 "Skype"="D:\Programmi\Skype\Phone\Skype.exe" [2007-11-16 12:39]
 "MSMSGS"="D:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24]
 "SpybotSD TeaTimer"="D:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "GrooveMonitor"="D:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 00:47]
 "RemoteControl"="D:\Programmi\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 20:24]
 "NeroFilterCheck"="D:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
 "StartCCC"="D:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 12:35]
 "RTHDCPL"="RTHDCPL.EXE" [2007-11-29 17:37 D:\WINDOWS\RTHDCPL.exe]
 "EDS"="D:\Programmi\Samsung\Samsung EDS\EDSAgent.exe" [2007-01-11 10:08]
 "AGRSMMSG"="AGRSMMSG.exe" [2007-11-29 17:59 D:\WINDOWS\AGRSMMSG.exe]
 "SynTPEnh"="D:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2007-11-29 18:02]
 "avgnt"="D:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-08 20:25]
 "Adobe Reader Speed Launcher"="D:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51]
 "SDTray"="D:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]
 "VIRIT LITE MONITOR"="D:\VEXPLITE\MONLITE.EXE" [2007-12-19 17:47]
 "COMODO Firewall Pro"="D:\Programmi\COMODO\Firewall\cfp.exe" [2007-12-19 18:58]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39]
 
 D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 BTTray.lnk - D:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 09:02:38]
 Google Updater.lnk - D:\Programmi\Google\Google Updater\GoogleUpdater.exe [2007-12-18 13:24:30]
 Last.fm Helper.lnk - D:\Programmi\Last.fm\LastFMHelper.exe [2007-12-08 21:20:42]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
 "AppInit_DLLs"= D:\WINDOWS\system32\guard32.dll
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
 @=""
 
 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
 @=""
 
 R0 VIRAGTLT;VIRAGTLT;D:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2007-10-10 09:00]
 R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;D:\WINDOWS\system32\DRIVERS\cmdguard.sys [2007-12-19 18:58]
 R1 cmdHlp;COMODO Firewall Pro Helper Driver;D:\WINDOWS\system32\DRIVERS\cmdhlp.sys [2007-12-19 18:58]
 R2 viritsvclite;Virit eXplorer Lite;D:\VEXPLITE\viritsvc.exe [2007-12-19 17:47]
 R3 DNSeFilter;DNSeFilter;D:\WINDOWS\system32\drivers\SamsungEDS.sys [2006-10-12 12:12]
 S3 ADM8511;Convertitore ADMtek ADM8511/AN986  da USB a Fast Ethernet;D:\WINDOWS\system32\DRIVERS\ADM8511.SYS [2001-08-17 20:11]
 S3 PhilCam8116;Logitech QuickCam Pro 3000 (08B0);D:\WINDOWS\system32\DRIVERS\CamDrO21.sys [2001-08-17 22:05]
 
 *Newly Created Service* - CATCHME
 *Newly Created Service* - PROCEXP90
 .
 **************************************************************************
 
 catchme 0.3.1333 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2007-12-20 12:35:02
 Windows 5.1.2600 Service Pack 2 NTFS
 
 detected NTDLL code modification:
 ZwClose
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: D:\WINDOWS\system32\winlogon.exe
 -> D:\WINDOWS\system32\guard32.dll
 
 PROCESS: D:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
 -> D:\WINDOWS\system32\guard32.dll
 .
 Ora fine scansione: 2007-12-20 12.35.47
 .
 2007-12-12 13:39:05	--- E O F ---
 
 and this is fraud:
 
 
 
 Scan done at 13.25.40,26, 20/12/2007
 Run from C:\Users\Admin\Desktop\SmitfraudFix
 OS: Microsoft Windows [Versione 6.0.6000] - Windows_NT
 The filesystem type is NTFS
 Fix run in safe mode
 
 »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 »»»»»»»»»»»»»»»»»»»»»»»» Killing process
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» hosts
 
 
 127.0.0.1       localhost
 ::1             localhost
 
 »»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
 
 S!Ri's WS2Fix: LSP not Found.
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
 
 GenericRenosFix by S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» IEDFix
 
 IEDFix.exe by S!Ri
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» DNS
 
 HKLM\SYSTEM\CCS\Services\Tcpip\..\{6FB3EDA2-D739-4D27-A858-2E1E96381C79}: DhcpNameServer=192.168.123.1
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
 !!!Attention, following keys are not inevitably infected!!!
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
 Registry Cleaning done.
 
 »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
 !!!Attention, following keys are not inevitably infected!!!
 
 SrchSTS.exe by S!Ri
 Search SharedTaskScheduler's .dll
 
 
 »»»»»»»»»»»»»»»»»»»»»»»» End
 
 for RogueRemover everything was ok
 see you later
 |  |  
		| sagittarjo Hero in the gods' favour
 Joined: 19/12/07 13:51
 Posts: 78
 | 
				|  Posted: 20 Dec 2007 16:35    Subject: avira log |   |  
				| 
 |  
				| I'm posting the avira log below, it might come in handy: 
 
 
 AntiVir PersonalEdition Classic
 Report file date: giovedì 20 dicembre 2007  14:44
 
 Scanning for 981559 virus strains and unwanted programs.
 
 Licensed to:      Avira AntiVir PersonalEdition Classic
 Serial number:    0000149996-ADJIE-0001
 Platform:         Windows XP
 Windows version:  (Service Pack 2)  [5.1.2600]
 Username:         SYSTEM
 Computer name:    PC-MARCO
 
 Version information:
 BUILD.DAT    : 270           15603 Bytes  19/09/2007 13:32:00
 AVSCAN.EXE   : 7.0.6.1      290856 Bytes  23/08/2007 13:16:29
 AVSCAN.DLL   : 7.0.6.0       49192 Bytes  16/08/2007 12:23:51
 LUKE.DLL     : 7.0.5.3      147496 Bytes  14/08/2007 15:32:47
 LUKERES.DLL  : 7.0.6.1       10280 Bytes  21/08/2007 12:35:20
 ANTIVIR0.VDF : 6.40.0.0    11030528 Bytes  18/07/2007 14:27:15
 ANTIVIR1.VDF : 7.0.1.95    3367424 Bytes  14/12/2007 23:55:12
 ANTIVIR2.VDF : 7.0.1.96       2048 Bytes  14/12/2007 23:55:12
 ANTIVIR3.VDF : 7.0.1.123    122368 Bytes  19/12/2007 18:58:26
 AVEWIN32.DLL : 7.6.0.46    3084800 Bytes  19/12/2007 18:58:36
 AVWINLL.DLL  : 1.0.0.7       14376 Bytes  26/02/2007 10:36:26
 AVPREF.DLL   : 7.0.2.2       25640 Bytes  18/07/2007 07:39:17
 AVREP.DLL    : 7.0.0.1      155688 Bytes  16/04/2007 13:16:24
 AVPACK32.DLL : 7.6.0.2      360488 Bytes  19/12/2007 18:58:39
 AVREG.DLL    : 7.0.1.6       30760 Bytes  18/07/2007 07:17:06
 AVARKT.DLL   : 1.0.0.20     278568 Bytes  28/08/2007 12:26:33
 AVEVTLOG.DLL : 7.0.0.20      86056 Bytes  18/07/2007 07:10:18
 NETNT.DLL    : 7.0.0.0        7720 Bytes  08/03/2007 11:09:42
 RCIMAGE.DLL  : 7.0.1.30    2342952 Bytes  07/08/2007 12:38:13
 RCTEXT.DLL   : 7.0.62.0      86056 Bytes  21/08/2007 12:50:37
 SQLITE3.DLL  : 3.3.17.1     339968 Bytes  23/07/2007 09:37:21
 
 Configuration settings for the scan:
 Jobname..........................: Complete system scan
 Configuration file...............: d:\programmi\avira\antivir personaledition classic\sysscan.avp
 Logging..........................: low
 Primary action...................: interactive
 Secondary action.................: ignore
 Scan master boot sector..........: off
 Scan boot sector.................: on
 Boot sectors.....................: D:,
 Scan memory......................: on
 Process scan.....................: on
 Scan registry....................: on
 Search for rootkits..............: off
 Scan all files...................: Intelligent file selection
 Scan archives....................: on
 Recursion depth..................: 20
 Smart extensions.................: on
 Macro heuristic..................: on
 File heuristic...................: medium
 
 Start of the scan: giovedì 20 dicembre 2007  14:44
 
 The scan of running processes will be started
 Scan process 'avscan.exe' - '1' Module(s) have been scanned
 Scan process 'avcenter.exe' - '1' Module(s) have been scanned
 Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
 Scan process 'alg.exe' - '1' Module(s) have been scanned
 Scan process 'VIRITSVC.EXE' - '1' Module(s) have been scanned
 Scan process 'skypePM.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'swdsvc.exe' - '1' Module(s) have been scanned
 Scan process 'svcntaux.exe' - '1' Module(s) have been scanned
 Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
 Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
 Scan process 'cmdagent.exe' - '1' Module(s) have been scanned
 Scan process 'sched.exe' - '1' Module(s) have been scanned
 Scan process 'CCC.exe' - '1' Module(s) have been scanned
 Scan process 'LastFMHelper.exe' - '1' Module(s) have been scanned
 Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
 Scan process 'BTTray.exe' - '1' Module(s) have been scanned
 Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
 Scan process 'msmsgs.exe' - '1' Module(s) have been scanned
 Scan process 'Skype.exe' - '1' Module(s) have been scanned
 Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
 Scan process 'cfp.exe' - '1' Module(s) have been scanned
 Scan process 'MONLITE.EXE' - '1' Module(s) have been scanned
 Scan process 'SDTrayApp.exe' - '1' Module(s) have been scanned
 Scan process 'avgnt.exe' - '1' Module(s) have been scanned
 Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
 Scan process 'MOM.exe' - '1' Module(s) have been scanned
 Scan process 'AGRSMMSG.exe' - '1' Module(s) have been scanned
 Scan process 'EDSAgent.exe' - '1' Module(s) have been scanned
 Scan process 'RTHDCPL.exe' - '1' Module(s) have been scanned
 Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned
 Scan process 'GrooveMonitor.exe' - '1' Module(s) have been scanned
 Scan process 'explorer.exe' - '1' Module(s) have been scanned
 Scan process 'avguard.exe' - '1' Module(s) have been scanned
 Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
 Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'btwdins.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'svchost.exe' - '1' Module(s) have been scanned
 Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
 Scan process 'lsass.exe' - '1' Module(s) have been scanned
 Scan process 'services.exe' - '1' Module(s) have been scanned
 Scan process 'winlogon.exe' - '1' Module(s) have been scanned
 Scan process 'csrss.exe' - '1' Module(s) have been scanned
 Scan process 'smss.exe' - '1' Module(s) have been scanned
 48 processes with 48 modules were scanned
 
 Start scanning boot sectors:
 Boot sector 'C:\'
 [NOTE]      No virus was found!
 Boot sector 'D:\'
 [NOTE]      No virus was found!
 
 Starting to scan the registry.
 The registry was scanned ( '32' files ).
 
 
 Starting the file scan:
 
 Begin scan in 'C:\' <VISTA>
 Begin scan in 'D:\' <XP>
 D:\pagefile.sys
 [WARNING]   The file could not be opened!
 
 
 End of the scan: giovedì 20 dicembre 2007  15:29
 Used time: 45:51 min
 
 The scan has been done completely.
 
 18777 Scanning directories
 285571 Files were scanned
 0 viruses and/or unwanted programs were found
 0 Files were classified as suspicious:
 0 files were deleted
 0 files were repaired
 0 files were moved to quarantine
 0 files were renamed
 1 Files cannot be scanned
 285571 Files not concerned
 2127 Archives were scanned
 1 Warnings
 0 Notes
 |  |  
		| sagittarjo Hero in the gods' favour
 Joined: 19/12/07 13:51
 Posts: 78
 | 
				|  Posted: 20 Dec 2007 17:19    Subject: spydoctor report |   |  
				| 
 |  
				| now spydoctor detects 3 infections: 
 the usual dialer_instant.access
 
 trojan-PWS.tanspy
 
 trojan.generic
 
 am I in really bad shape?
  |  |  
		| sagittarjo Hero in the gods' favour
 Joined: 19/12/07 13:51
 Posts: 78
 | 
				|  Posted: 20 Dec 2007 17:55    Subject: spybot report |   |  
				| 
 |  
				| spybot removed drivecleaner 2006 for me again |  |  
		| Sante62 Mature god
 Joined: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 | 
				|  Posted: 20 Dec 2007 18:57    Subject: Re: spydoctor report |   |  
				| 
 |  
				|  	  | sagittarjo wrote: |  	  | now spydoctor detects 3 infections: the usual dialer_instant.access
 trojan-PWS.tanspy
 trojan.generic
 am I in really bad shape?
 | 
 From what Combofix removed, I'd say you were in bad shape...
 As for the dialer it still detects, those will be leftovers.
 Is it going a bit better now?
 Now connect to Kaspersky online scanner
 While it is downloading the necessary files, temporarily disable the antivirus and, if necessary, the firewall as well. As soon as the scan of the PC starts, disconnect from the internet.
 At the end, upload the result to www.freefilehosting.net and post here the link you are given.
 |  |  
		| sagittarjo Hero in the gods' favour
 Joined: 19/12/07 13:51
 Posts: 78
 | 
				|  Posted: 20 Dec 2007 19:18    Subject: thanks |   |  
				| 
 |  
				| well, heartfelt thanks sante67 and all the rest of you, you are very kind!! 
 now I'll go ahead with the scan, see you later
 |  |  
		| sagittarjo Hero in the gods' favour
 Joined: 19/12/07 13:51
 Posts: 78
 | 
				|  Posted: 20 Dec 2007 22:51    Subject: kaspersky report |   |  
				| 
 |  
				| boooo, I'm very demoralized, even though maybe it's for the best: kaspersky found no fewer than 5 viruses and 20 infections, alas. here is the report after freefilehosting:
 
 kaspersky report2.html
 
 I'll never stop thanking you for your kindness
 |  |  