Olimpo Informatico

[AlePv]

Ciao a tutti, ieri ho acceso il pc e avast dice di aver trovato un malware nel seguente file
C:\WINDOWS\system32\drivers\vga.sys
cosa devo fare?sposto, cancello, cancello nel cestino??o altro?
Grazie

[Sante62]

Ciao AlePv
Per il momento non cancellare nulla....

Fai invece queste scansioni:
CCleaner;
Combofix;
Virit;
Hijackthis;

[AlePv]

ComboFix 08-05-27.4 - Compaq_Proprietario 2008-05-28 18.21.36.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.506 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Compaq_Proprietario\Documenti\Punto Ale\log 2\ComboFix.exe
* Creato nuovo punto di ripristino
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\autorun.inf
C:\WINDOWS\system32\fool0.dll
C:\WINDOWS\system32\fool1.dll
C:\WINDOWS\system32\ieso0.dll
C:\WINDOWS\system32\kxvo.exe
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Creati Da 2008-04-28 al 2008-05-28 )))))))))))))))))))))))))))))))))))
.

2008-05-27 19:46 . 2008-05-27 19:45 165,180 -r-hs---- C:\ou0msn.cmd
2008-05-27 19:44 . 2008-05-27 17:10 164,765 -r-hs---- C:\b2.exe
2008-05-08 13:25 . 2008-05-08 13:26 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\.freemind
2008-04-29 14:49 . 2008-05-28 18:28 3,284 --a------ C:\WINDOWS\system32\ANIWZCS{D4E5C8F4-660D-4BD3-9762-3EEA91EB1306}
2008-04-29 14:49 . 2008-05-28 18:27 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME
2008-04-29 14:48 . 2008-05-28 18:28 7 --a------ C:\WINDOWS\system32\ANIWZCSUSERNAME{D4E5C8F4-660D-4BD3-9762-3EEA91EB1306}
2008-04-29 14:46 . 2008-04-29 14:46 <DIR> d-------- C:\Programmi\Wireless USB adapter Alice G-132
2008-04-29 14:46 . 2008-04-29 14:46 <DIR> d-------- C:\Programmi\ANI
2008-04-28 17:25 . 2008-04-28 18:43 <DIR> d-------- C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Voipwise
2008-04-28 17:20 . 2008-04-28 17:20 <DIR> d-------- C:\Programmi\Voipwise.com

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-28 16:13 20,992 ----a-w C:\WINDOWS\system32\drivers\vga.sys
2008-05-24 14:49 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-05-22 16:51 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-05-20 16:06 --------- d-----w C:\Programmi\TrackMania Nations ESWC
2008-05-18 16:39 --------- d-----w C:\Programmi\Scudetto 2007
2008-05-18 13:33 --------- d-----w C:\Programmi\FrostWire
2008-05-15 11:22 --------- d-----w C:\Programmi\Safari
2008-05-15 11:19 --------- d-----w C:\Programmi\Apple Software Update
2008-05-14 16:21 3,532 ----a-w C:\drmHeader.bin
2008-05-12 19:34 --------- d-----w C:\Programmi\File comuni\Adobe
2008-05-12 19:32 --------- d-----w C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\AdobeUM
2008-04-30 15:59 --------- d-----w C:\Programmi\GameShadow
2008-04-29 12:46 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-04-28 11:46 --------- d-----w C:\Programmi\BitComet
2008-04-14 08:14 --------- d-----w C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\FrostWire
2008-04-10 16:15 --------- d-----w C:\Programmi\Activision
2008-04-09 10:47 --------- d-----w C:\Programmi\DivX
2008-04-09 09:49 81,920 ----a-w C:\WINDOWS\ALCFDRTM.EXE
2008-04-09 09:40 315,392 ----a-w C:\WINDOWS\HideWin.exe
2008-04-09 09:40 --------- d-----w C:\Programmi\Realtek
2008-04-09 07:55 --------- d-----w C:\Programmi\QuickTime
2008-04-08 14:32 --------- d-----w C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Earthsim
2008-04-08 14:32 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Earthsim
2008-04-06 21:17 --------- d-----w C:\Programmi\iTunes
2008-04-06 21:17 --------- d-----w C:\Programmi\iPod
2008-04-06 21:04 --------- d-----w C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\Skype
2008-04-06 21:03 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-06 21:03 --------- d-----w C:\Programmi\Skype
2008-04-06 21:03 --------- d-----w C:\Documents and Settings\Compaq_Proprietario\Dati applicazioni\skypePM
2008-04-06 21:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Skype
2008-04-06 21:02 --------- d-----w C:\Programmi\File comuni\Skype
2008-04-06 20:43 --------- d-----w C:\Programmi\Total Uninstall 4
2008-04-06 20:43 --------- d-----w C:\Programmi\eMule
2008-04-05 09:56 --------- d-----w C:\Programmi\Codemasters
2008-03-30 20:32 --------- d-----w C:\Programmi\MSN Messenger
2008-03-30 20:32 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-03-29 15:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Martau
2008-03-26 14:14 16,859,136 ----a-w C:\WINDOWS\RTHDCPL.exe
2008-03-05 16:07 520,192 ----a-w C:\WINDOWS\RtlExUpd.dll
2007-09-28 11:48 333 ----a-w C:\Documents and Settings\Compaq_Proprietario\prova.bat
2005-11-27 20:43 50 ----a-w C:\Programmi\bit3.bat
2005-11-27 20:43 50 ----a-w C:\Programmi\bit2.bat
2005-11-27 20:43 50 ----a-w C:\Programmi\bit.bat
2005-11-27 20:42 54 ----a-w C:\Programmi\inc1.bat
2005-11-27 20:42 41 ----a-w C:\Programmi\sleep.bat
2008-03-17 16:50 143,872 ----a-w C:\Programmi\mozilla firefox\plugins\JAVARumTime.dll
.

------- Sigcheck -------

2004-08-19 05:00 14336 73955b04f209d8a1c633867841267a96 C:\WINDOWS\system32\svchost.exe

2005-03-02 20:20 578048 488019bfe2b0f9f8cd8394276d5b664a C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
2007-03-08 17:48 579072 bab4f995e526484a235a276e269aaf7f C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2007-03-08 17:37 578560 9daa2190a18739b657b58f794acf2e47 C:\WINDOWS\system32\user32.dll

2004-08-19 05:00 82944 12ead983c875ed9bcc8b90e3f77f2e4a C:\WINDOWS\system32\ws2_32.dll

2005-05-25 21:07 359936 63fdfea54eb53de2d863ee454937ce1e C:\WINDOWS\$hf_mig$\KB893066\SP2QFE\tcpip.sys
2006-01-13 19:07 360448 5562cc0a47b2aef06d3417b733f3c195 C:\WINDOWS\$hf_mig$\KB913446\SP2QFE\tcpip.sys
2006-04-20 14:18 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$hf_mig$\KB917953\SP2QFE\tcpip.sys
2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2004-08-19 05:00 504832 4166454e2bcfcc20d1b8a5ac9feab243 C:\WINDOWS\system32\winlogon.exe

2004-08-19 05:00 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-19 05:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2005-03-02 20:12 2060672 de16030e8209fd96eeb06d9e3d8c84a8 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
2006-12-19 20:44 2063104 0943f29440085d86a1b9b9c2356b45b4 C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe
2007-02-28 18:06 2063104 f89d8e24fbe047506d60b850d00bdee3 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2007-02-28 18:02 2061312 49baea1d9379df8cd897aff9f49bc9de C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2019328 f5da1e6ecad8b9705a2df4a7e5a2d16d C:\WINDOWS\system32\ntkrnlpa.exe
2004-08-19 12:00 2060544 4dc3a3626b02c39aa69aae6f64bfbc2d C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\ntkrnlpa.exe

2005-03-02 20:12 2183296 c120a33c71e706545cf26d6276bc0344 C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
2006-12-19 20:44 2185728 ecb771f4cc4b5cd2b19b294fbd56f75d C:\WINDOWS\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe
2007-02-28 18:06 2185856 763ea08993b467a3af048ef185b1f805 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2007-02-28 18:02 2184064 5ec517cc0865808df80d2184b0131d27 C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2139648 4fbb54345fe2bbb1314c97377a8eabee C:\WINDOWS\system32\ntoskrnl.exe
2004-08-19 05:00 2184704 4591cf1f202181113de2996e79a2905a C:\WINDOWS\system32\ReinstallBackups\0010\DriverFiles\i386\ntoskrnl.exe

2004-08-19 05:00 1034752 178d42bd8fc34a9837417a6ce1d6bb7b C:\WINDOWS\explorer.exe
2007-06-13 15:22 1035776 7e2817a623e16f830b660f81c0fd63da C:\WINDOWS\SoftwareDistribution\Download\3226e223a771445396195df1d0536388\sp2gdr\explorer.exe
2007-06-13 15:10 1035776 b4e85805be6d23de697f7b3ba7492d0b C:\WINDOWS\SoftwareDistribution\Download\3226e223a771445396195df1d0536388\sp2qfe\explorer.exe

2004-08-19 05:00 108544 e77f6fa2a15390f1727f4c1c55b69da6 C:\WINDOWS\system32\services.exe

2004-08-19 05:00 13312 0815e8da286775fa432c7c9ee5e10ba1 C:\WINDOWS\system32\lsass.exe

2004-08-19 05:00 15360 5b33b4265966ee063c7fbea28958d9c2 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DrvMon.exe"="C:\WINDOWS\system32\DrvMon.exe" [2004-09-10 04:16 53248]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 05:00 15360]
"HideSHRi"="C:\Programmi\HideSRHi\HideSRHi.vbs" [2006-01-22 14:26 191]
"Voipwise"="C:\Programmi\Voipwise.com\Voipwise\Voipwise.exe" [2007-09-06 11:24 7394608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VTTimer"="VTTimer.exe" []
"ccApp"="c:\Programmi\File comuni\Symantec Shared\ccApp.exe" [2005-04-14 13:53 58992]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-06-16 14:03 221184]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [2004-06-16 14:03 81920]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"AlcWzrd"="ALCWZRD.EXE" [2006-05-04 16:26 2808832 C:\WINDOWS\alcwzrd.exe]
"D-Link AirPlus XtremeG Utility"="C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe" [2006-11-20 11:56 1728512]
"ANIWZCS2Service"="C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2006-06-29 17:34 49152]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoViewOnDrive"= 0 (0x0)
"NoBandCustomize"= 0 (0x0)
"NoMovingBands"= 0 (0x0)
"NoCloseDragDropBands"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.X264"= x264vfw.dll
"VIDC.3iv2"= 3ivxVfWCodec.dll
"msacm.fraunhoferacm"= l3codecp.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^ATI CATALYST System Tray.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio rapido di HP Image Zone.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^HP Digital Imaging Monitor.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Photo Express Calendar Checker SE.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^Eurobarre.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^Stardock ObjectDock.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^UberIcon.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^Y'z Shadow.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^Compaq_Proprietario^Menu Avvio^Programmi^Esecuzione automatica^Y'z ToolBar.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!ewido]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2005-07-07 18:41 57344 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGEIA PhysX SysTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
--a------ 2004-06-29 18:06 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
--a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcWzrd]
--a------ 2006-05-04 16:26 2808832 C:\WINDOWS\alcwzrd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2005-04-14 13:53 58992 c:\Programmi\File comuni\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDElbyCDFL]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools]
--a------ 2005-11-09 00:00 128920 C:\Programmi\DAEMON Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLAGENTEXE]
--a------ 2003-04-01 10:53 16384 C:\WINDOWS\system32\dslagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DSLSTATEXE]
--------- 2003-04-01 11:32 299008 C:\Programmi\IPM\Adsl\DataWay\dslstat.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]
--a------ 2005-01-07 18:07 61952 C:\WINDOWS\system32\HDAShCut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2004-05-12 15:18 241664 C:\Programmi\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a------ 2005-02-16 23:11 49152 c:\Programmi\HP\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-04-06 12:28 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb11.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon06]
--a------ 2004-07-14 01:58 659456 C:\WINDOWS\system32\hphmon06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHUPD06]
--a------ 2004-07-14 02:07 49152 c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\hphupd06.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpsysdrv]
--a------ 1998-05-07 17:04 52736 c:\windows\system\hpsysdrv.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
--a------ 2004-08-20 23:55 155648 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
--a------ 2004-06-16 14:03 221184 C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
--a------ 2004-06-16 14:03 81920 C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Programmi\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KBD]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LSBWatcher]
--a------ 2004-10-14 22:54 253952 c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-09-07 18:53 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\P2P Networking]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PE2CKFNT SE]
--------- 1998-07-03 12:51 25088 C:\Programmi\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PS2]
--a------ 2003-09-12 21:13 98304 C:\WINDOWS\system32\ps2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-03-28 23:37 413696 C:\Programmi\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2004-04-14 21:43 233472 C:\WINDOWS\SMINST\RECGUARD.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2003-12-18 01:31 118784 C:\Windows\Creator\Remind_XP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SemanticInsight]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell API32]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
--a------ 2006-07-21 16:14 86016 C:\WINDOWS\SoundMan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 13:35 90112 C:\Programmi\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\STYLEXP]
--a------ 2005-11-30 21:31 1355776 C:\Programmi\TGTSoft\StyleXP\StyleXP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-02-22 05:25 144784 C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\tbon]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
-ra------ 2006-03-30 16:45 313472 C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Voipwise]
--a------ 2007-09-06 11:24 7394608 C:\Programmi\Voipwise.com\Voipwise\Voipwise.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\LimeWire\\LimeWire.exe"=
"C:\\Programmi\\BitComet\\BitComet.exe"=
"C:\\Programmi\\PeerWeb DC++\\PeerWeb DC++.exe"=
"C:\\Programmi\\THQ\\MotoGP URT 3\\motogp.exe"=
"C:\\Sierra\\Empire Earth\\Empire Earth.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Documents and Settings\\Compaq_Proprietario\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\KONAMI\\Pro Evolution Soccer 2008\\PES2008.exe"=
"C:\\Programmi\\FrostWire\\FrostWire.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\TVAnts\\Tvants.exe"=
"C:\\Programmi\\TrackMania Nations ESWC\\TmNationsESWC.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Voipwise.com\\Voipwise\\Voipwise.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"14857:TCP"= 14857:TCP:BitComet 14857 TCP
"14857:UDP"= 14857:UDP:BitComet 14857 UDP

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;C:\WINDOWS\system32\DRIVERS\A5AGU.sys [2006-09-21 10:19]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 22:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 22:43]
R3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 12:29]
R3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
R3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{156fd424-6756-11dc-ae9a-00024f300101}]
\Shell\AutoRun\command - G:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5e26102a-1892-11db-aab8-0011d86a0e77}]
\Shell\AutoRun\command - G:\b2.exe
\Shell\explore\Command - G:\b2.exe
\Shell\open\Command - G:\b2.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-23 10:04:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-05-28 10:00:12 C:\WINDOWS\Tasks\HP Usg Daily.job"
- c:\Programmi\HP\{AAC4FC36-8F89-4587-8DD3-EBC57C83374D}\pexpress\hphped05.exe
"2008-05-28 10:49:15 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Programmi\Symantec\LiveUpdate\NDETECT.EXE
"2008-05-28 16:31:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
"2008-05-26 21:21:00 C:\WINDOWS\Tasks\WebReg 20050718232110.job"
- C:\Programmi\HP\Digital Imaging\bin\hpqwrg.exeb/TaskName 20050718232110 /N
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-28 18:27:16
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Programmi\File comuni\Symantec Shared\CCSETMGR.EXE
C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
C:\Programmi\File comuni\Symantec Shared\CCEVTMGR.EXE
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\PAStiSvc.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\verclsid.exe
.
**************************************************************************
.
Ora fine scansione: 2008-05-28 18:34:35 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-28 16:34:31
ComboFix2.txt 2008-03-18 12:18:10

23 Directory 23,860,367,360 byte disponibili
31 Directory 23,871,954,944 byte disponibili

324 --- E O F --- 2008-05-28 11:34:27

[AlePv]

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
NSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
28/05/2008 - 19:07:16

[SCANSIONE DEL REGISTRO]
{0A94B111-4504-4e26-AB05-E61E474AA38B} Infetto da BHO.ASK.C
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 1.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 1155.
Files Totali: 1155.
Chiavi Registro rimosse: 1.
Virus Rimossi: 0.

--------------------------------------------------------
28/05/2008 - 19:08:25

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
28/05/2008 - 19:09:19

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 0.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 0.
Files Totali: 0.
Chiavi Registro rimosse: 0.
Virus Rimossi: 0.

--------------------------------------------------------
28/05/2008 - 19:09:33

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
28/05/2008 - 19:10:23

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Programmi\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL Infetto da BHO.ASK.C
* * * RIMOSSO * * *
C:\System Volume Information\_restore{DC30D28F-B7F9-473C-A7E4-13120ECBCF23}\RP125\A0051376.DLL Infetto da BHO.ASK.C
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 169931.
Files Totali: 169931.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.

[AlePv]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20.08.43, on 28/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\ALCWZRD.EXE
C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\WINDOWS\system32\DrvMon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=Q105&bd=presario&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=IT_IT&c=Q105&bd=presario&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {0A94B116-4504-4e26-AB05-E61E474AA38B} - C:\Programmi\AskPBar\SrchAstt\1.bin\A9SRCHAS.DLL (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - c:\Programmi\File comuni\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [ccApp] "c:\Programmi\File comuni\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG Utility] C:\Programmi\Wireless USB adapter Alice G-132\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Programmi\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKCU\..\Run: [DrvMon.exe] C:\WINDOWS\system32\DrvMon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HideSHRi] C:\Programmi\HideSRHi\HideSRHi.vbs
O4 - HKCU\..\Run: [Voipwise] "C:\Programmi\Voipwise.com\Voipwise\Voipwise.exe" -nosplash -minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://loalejonnygomma.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1129119937078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1129120186484
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://loalejonnygomma.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D812E8F-6CEE-4BC7-8037-2C96A01515C0}: NameServer = 85.37.17.4 85.38.28.70
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Alpha Networks Inc. - C:\Programmi\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - c:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: SAVScan - Symantec Corporation - c:\Programmi\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - c:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Programmi\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 11745 bytes

[AlePv]

è sorto un altro problema, non ho più la protezione di avast che è scomparso dalla system tray..

[Sante62]

Scarica Norman Malware Cleaner
disattiva il ripristino di sistema e avvia il PC in modalità provvisoria
Avvia Norman Malware Cleaner.
Viene generato un log sul desktop chiamandolo NFix_2008-01-gg_hh-mm-ss.log, alla fine della scansione postalo qui.
Sempre col PC alla modalità provvisoria, avvia Hijackthis, seleziona queste righe se presenti (quelle in rosso se le conosci per il momento non selezionarle) e clicca su fix Cheched:

[AlePv]

non riesco ad avviare il pc in modalità provvisoria, si ferma dp aver fatto le partition su una schermata nera. provo da msconfig?

[Sante62]

OK, prova da msconfig...

[AlePv]

ho provato ad avviare in modalita provvisoria impostando da msconfig, ma il pc si e' bloccato ugualmente all'avvio. non solo, adesso non riesco ad avviare il pc, sia selezionando la modalita normale che quella provvisoria(con il tasto f8. come risolvo?grazie

[Sante62]

Fai la scansione con Systemscan e posta il log generato come
indicato quì

Se il PC non si avvia dovresti tentare un punto di ripristino a data precedente, anche con il CD di installazione di Win XP...

[AlePv]

un mio amico è riuscito a modificare la stringa boot.ini togliendo safeboot minimal, ora il pc parte..adesso vorrei riuscire a capire perchè non vada più la modalità provvisoria & perchè avast sia scomparso..Grazie a tutti

[Angus_Mac]

Proviamo a vedere hai detto che provaa caricare il file però poi rimane la schermata nera e non carica in modalità provvisoria, ricordo di un virus capace di fare questo ti consiglio di non insistere nella modalità provvisoria questo virus era in grado di non farti partire più ip pc costringendoti a formattare

[Sante62]

Ti consiglio vivamente di tentare questa operazione:

[AlePv]

ho utilizzato il pc 1 sola volta dopo essere riuscito ad avviarlo in modalita normale, e penso che il virus abbia attaccato perche non ho potuto aprire alcun programma e sul dekstop venivano creati collegamenti a caso..ora il pc non parte, si blocca prima di mostrare gli utenti su sfondo blu con logo win xp. non essendo piu un problema di stringa deduco che sia colpa del virus. a questo punto se non esiste qualche antivirus da avviare nel dos e non potendo a causa dello stesso virus(penso) avviare in modalita provvisoria, non mi resta che formattare?

[Sante62]

C'è tempo per formattare
Quindi non riesci neanche a loggarti come utente?

Se possiedi il CD di installazione di Windows puoi provare ad avviarlo da lì.

Se riesci ad avviarlo fai queste operazioni:

Vai su start->esegui e digita regedit; si aprirà il registro di sistema;
Naviga attraverso queste chiavi:

[AlePv]

ho fatto il ripristino del sistema... solo che adesso mi si avvia solo la modalità provvisoria... la modalità normale si blocca su schermata nera prima di far vedere gli utenti....
adesso sto facendo girare avast da mod provvisoria...
sante62, mi consigli di far girare il tool che mi hai dato?

[Sante62]

Si, però sarebbe meglio se prima facessi le operazioni con le chiavi di registro che ho indicato...

[AlePv]

Ok a posto penso con il ripristino di aver eliminato il virus, poi nn partiva perchè il boot selezionava un altro disco ora ho sistemato. per verificare cmq che sia tutto pulito??quali log posso postare??grazie a tutti!!

[Sante62]