Indice del forum Olimpo Informatico
I Forum di Zeus News
Leggi la newsletter gratuita - Attiva il Menu compatto
 
 FAQFAQ   CercaCerca   Lista utentiLista utenti   GruppiGruppi   RegistratiRegistrati 
 ProfiloProfilo   Messaggi privatiMessaggi privati   Log inLog in 

    Newsletter RSS Facebook Twitter Contatti Ricerca
[RISOLTO] Infezione da Trojan.Win32.Vundo.EH
Nuovo argomento   Quest'argomento è chiuso: Non puoi inserire, rispondere o modificare i messaggi.    Indice del forum -> Pronto Soccorso Virus
Precedente :: Successivo  
Autore Messaggio
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 11:39    Oggetto: Rispondi citando

Sante62 ha scritto:
Avvia Hijackthis e fixa quest'altra riga come hai fatto in precedenza:
Citazione:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/


Prepara un file con il blocco note e mettici questa scritta in rosso:
Citazione:
Registry::
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ea37b0-7e3f-11dc-9c9c-0016d45ac4f3}]

Salva il file come hai già fatto, e trascinalo sull'icona di Combofix;

Posta i logs aggiornati di Combofix e HJT.


Ciao Sante. Ecco i log: (ora l'avviso è sparito dopo il riavvio, naturalmente Spybot mi chiede di C/N un valore:
Categoria: Browser Helper Object
Modifica: Valore eliminato
Voce: {EF9FB4C7-05D3-4A4B-B42C-B9CC56ED6654} questo valore lo trovi sul log di Combofix

Comunque attendo tue disposizioni. Grazie!!!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:11, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\WINDOWS\system32\igfxext.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Acer\Empowering Technology\admServ.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://controlpage.info/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NTI Scheduler] "C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: Use ViDown to download - C:\Programmi\ViDown\vd_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184942006125
O17 - HKLM\System\CCS\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: bw+0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 23968 bytes

MENTRE QUESTO IL LOG DI COMBOFIX:

ComboFix 08-07-14.2 - Rudi 2008-07-16 11.15.51.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.426 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Rudi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rudi\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\nttwdsop.dll
C:\WINDOWS\system32\posdwttn.ini
C:\WINDOWS\system32\ttAIRXbc.ini
C:\WINDOWS\system32\ttAIRXbc.ini2

.
((((((((((((((((((((((((( Files Creati Da 2008-06-16 al 2008-07-16 )))))))))))))))))))))))))))))))))))
.

2008-07-15 13:01 . 2008-07-15 13:01 24,400 --a------ C:\Documents and Settings\Rudi\mrsrlgbm.exe
2008-07-14 15:47 . 2008-07-14 15:47 24,400 --a------ C:\Documents and Settings\Rudi\iluisxtm.exe
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-13 15:06 . 2008-07-13 15:06 <DIR> d-------- C:\Hijackthis
2008-07-13 13:26 . 2008-07-13 13:26 <DIR> d-------- C:\Programmi\CCleaner
2008-07-13 12:51 . 2008-07-13 12:51 <DIR> d-------- C:\VundoFix Backups
2008-07-12 09:09 . 2008-07-12 09:09 7,168 --a------ C:\WINDOWS\system32\drivers\uteyodgx.sys
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 17:29 . 2008-07-11 17:29 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-11 17:22 . 2008-07-11 17:22 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-07-11 17:03 . 2008-07-11 17:03 321,792 --a------ C:\WINDOWS\system32\cbXRIAtt.dll
2008-07-11 13:58 . 2004-09-07 20:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-09 15:42 . 2008-06-20 12:45 360,320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-09 15:42 . 2008-06-20 11:52 225,920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2008-07-09 15:42 . 2008-06-20 12:44 138,368 --a------ C:\WINDOWS\system32\drivers\afd.sys
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Documents and Settings\Rudi\Dati applicazioni\skypePM
2008-06-19 16:53 . 2008-06-19 16:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 18:37 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLec.DAT
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLds.DAT
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 11:17 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 15:26 --------- d-----w C:\Programmi\Flock
2008-06-09 15:26 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\Flock
2008-05-29 10:35 --------- d-----w C:\Programmi\ViDown
2008-05-29 10:20 --------- d-----w C:\Programmi\Replay Media Catcher
2008-05-29 10:18 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\GetRightToGo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-20 13:09 1,516,280 ----a-w C:\Programmi\mozilla firefox\plugins\RineraProxy.dll
2008-03-20 13:09 86,070 ----a-w C:\Programmi\mozilla firefox\plugins\pthreadVC2.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BEB4881-B0C3-469F-9BCE-D91D1EED6E6D}]
2008-07-11 17:03 321792 --a------ C:\WINDOWS\system32\cbXRIAtt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 20:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 00:11 68856]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-14 23:54 36864]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NTI Scheduler"="C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" [2006-01-19 17:59 73728]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-22 09:44 262401]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 00:12 1836544]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 14:11 151552 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 20:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe" [2007-04-22 16:17 674138]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-06-25 20:37]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:45]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-12 10:47]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 20:00]
S3 uteyodgx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uteyodgx.sys [2008-07-12 09:09]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ea37b0-7e3f-11dc-9c9c-0016d45ac4f3}]
\Shell\AutoRun\command - F:\
\Shell\explore\Command - camp.exe
\Shell\open\Command - camp.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-07 10:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{EF9FB4C7-05D3-4A4B-B42C-B9CC56ED6654} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 11:22:15
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-16 11:27:30 - machine was rebooted
ComboFix-quarantined-files.txt 2008-07-16 09:27:22
ComboFix3.txt 2008-07-13 12:05:16
ComboFix2.txt 2008-07-15 10:45:20

18 Directory 7,399,276,544 byte disponibili
36 Directory 7,381,352,448 byte disponibili

228 --- E O F --- 2008-07-10 22:35:50
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia

MessaggioInviato: 16 Lug 2008 12:16    Oggetto: Rispondi citando

C'è un infeziona mediante chiavetta USB;

Disattiva momentaneamente il riconoscimento automatico delle chiavette USB; serve il programma TweakUI scaricabile da questa pagina e installalo.
Una volta installato, eseguilo e procedi con questi passaggi:
Citazione:
Espandi la sezione My Computer
Espandi la sottosezione Autoplay
:Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI

PS: Con Espandi intendo: clicca sul simbolo [+] di fianco alle voci che ti ho indicato
Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette e fai un check delle stesse con il tuo antivirus.
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato.

Prepara un altrio file col blocco note e inserisci queste:
Citazione:
File::
C:\Documents and Settings\Rudi\mrsrlgbm.exe
C:\Documents and Settings\Rudi\iluisxtm.exe

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ea37b0-7e3f-11dc-9c9c-0016d45ac4f3}]

Trascinalo sull'icona di Combofix e attendi la fine delle operazioni;
Alla fine posta il log di Combofix; in HJT non hai fixato la riga R0 che ti ho indicato sopra oppure non è andata a buon fine, comunque fammi sapere...
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 12:22    Oggetto: Rispondi citando

Sante62 ha scritto:
C'è un infeziona mediante chiavetta USB;

Disattiva momentaneamente il riconoscimento automatico delle chiavette USB; serve il programma TweakUI scaricabile da questa pagina e installalo.
Una volta installato, eseguilo e procedi con questi passaggi:
Citazione:
Espandi la sezione My Computer
Espandi la sottosezione Autoplay
:Spostati in Types
Togli il segno di spunta a Enable Autoplay for removable drives
Clicca su Apply
Chiudi TweakUI

PS: Con Espandi intendo: clicca sul simbolo [+] di fianco alle voci che ti ho indicato
Da questo momento tutti gli apparati USB smetteranno di avviarsi automaticamente.
Inserisci le tue chiavette e fai un check delle stesse con il tuo antivirus.
Quando sei sicuro che tutto è a posto, puoi riabilitare l'avvio automatico, rifacendo lo stesso percorso che ti ho indicato.

Prepara un altrio file col blocco note e inserisci queste:
Citazione:
File::
C:\Documents and Settings\Rudi\mrsrlgbm.exe
C:\Documents and Settings\Rudi\iluisxtm.exe
C:\WINDOWS\system32\cbXRIAtt.dll

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{28ea37b0-7e3f-11dc-9c9c-0016d45ac4f3}]

Trascinalo sull'icona di Combofix e attendi la fine delle operazioni;
Alla fine posta il log di Combofix; in HJT non hai fixato la riga R0 che ti ho indicato sopra oppure non è andata a buon fine, comunque fammi sapere...


Cavolo, c'è qualcosa che non va: Antivir ora è attivo ed ha iniziato a darmi vari detection. Questo è uno C:\Windows\system32\cbXRIAtt.dll, mi dice che è un trojan TR/Monderb.321792. Non riesco a fare nessuna operazione, ovvero quarantena, cancellarlo, manco ignorarlo. L'unica è disattivare Avira. Che faccio mò?
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 12:43    Oggetto: log aggiornato hijackthis Rispondi citando

scusa, questo è quello aggiornato

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:41, on 16/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\VEXPLITE\viritsvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam10\QuickCam10.exe
C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\WINDOWS\explorer.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Mozilla Thunderbird\thunderbird.exe
C:\Programmi\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe
C:\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [NTI Scheduler] "C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" -s
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [LVCOMSX] "C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [09541673] rundll32.exe "C:\WINDOWS\system32\xhkoabaf.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [LDM] C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [FFTI] C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O8 - Extra context menu item: Use ViDown to download - C:\Programmi\ViDown\vd_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programmi\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5036.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1184942006125
O17 - HKLM\System\CCS\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O17 - HKLM\System\CS1\Services\Tcpip\..\{1840382E-449D-4A7E-A224-C67E0CEBEE9F}: NameServer = 193.70.152.15,193.70.152.25
O18 - Protocol: bw+0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: offline-8876480 - {1B6EA2E9-C5BC-4E55-86D7-A8E34D5C49F9} - C:\Programmi\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FreePOPs - Unknown owner - C:\Programmi\FreePOPs\freepopsservice.exe
O23 - Service: GoogleDesktopManager - Google - C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\Logitech\SrvLnch\SrvLnch.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Programmi\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Utilità di pianificazione di LiveUpdate automatico - Symantec Corporation - C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe

--
End of file - 24073 bytes
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia

MessaggioInviato: 16 Lug 2008 13:02    Oggetto: Rispondi citando

Bene, ho modificato lo script da fare con il blocco note nel post precedente insrendo il file segnalato da Avira;

quindi regolati di conseguenza....e procedi con il trascinamento su Combofix...
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 13:40    Oggetto: Rispondi citando

Sante62 ha scritto:
Bene, ho modificato lo script da fare con il blocco note nel post precedente insrendo il file segnalato da Avira;

quindi regolati di conseguenza....e procedi con il trascinamento su Combofix...
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 14:47    Oggetto: Rispondi citando

ecoo il log di combofix

ComboFix 08-07-14.2 - Rudi 2008-07-16 14.32.45.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.510 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Rudi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rudi\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Rudi\iluisxtm.exe
C:\Documents and Settings\Rudi\mrsrlgbm.exe
C:\WINDOWS\system32\cbXRIAtt.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rudi\iluisxtm.exe
C:\Documents and Settings\Rudi\mrsrlgbm.exe
C:\WINDOWS\system32\cbXRIAtt.dll
C:\WINDOWS\system32\fabaokhx.ini
C:\WINDOWS\system32\ttAIRXbc.ini
C:\WINDOWS\system32\ttAIRXbc.ini2

.
((((((((((((((((((((((((( Files Creati Da 2008-06-16 al 2008-07-16 )))))))))))))))))))))))))))))))))))
.

2008-07-16 13:49 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-16 13:49 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-16 11:38 . 2008-07-16 11:38 92,672 --a------ C:\WINDOWS\system32\xhkoabaf.VIR
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-13 15:06 . 2008-07-13 15:06 <DIR> d-------- C:\Hijackthis
2008-07-13 13:26 . 2008-07-13 13:26 <DIR> d-------- C:\Programmi\CCleaner
2008-07-13 12:51 . 2008-07-13 12:51 <DIR> d-------- C:\VundoFix Backups
2008-07-12 09:09 . 2008-07-12 09:09 7,168 --a------ C:\WINDOWS\system32\drivers\uteyodgx.sys
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 17:29 . 2008-07-11 17:29 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-11 17:22 . 2008-07-11 17:22 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-07-11 13:58 . 2004-09-07 20:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-09 15:42 . 2008-06-20 12:45 360,320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-09 15:42 . 2008-06-20 11:52 225,920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2008-07-09 15:42 . 2008-06-20 12:44 138,368 --a------ C:\WINDOWS\system32\drivers\afd.sys
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Documents and Settings\Rudi\Dati applicazioni\skypePM
2008-06-19 16:53 . 2008-06-19 16:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 18:37 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLec.DAT
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLds.DAT
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 11:17 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 15:26 --------- d-----w C:\Programmi\Flock
2008-06-09 15:26 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\Flock
2008-05-29 10:35 --------- d-----w C:\Programmi\ViDown
2008-05-29 10:20 --------- d-----w C:\Programmi\Replay Media Catcher
2008-05-29 10:18 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\GetRightToGo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-20 13:09 1,516,280 ----a-w C:\Programmi\mozilla firefox\plugins\RineraProxy.dll
2008-03-20 13:09 86,070 ----a-w C:\Programmi\mozilla firefox\plugins\pthreadVC2.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 20:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 00:11 68856]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-14 23:54 36864]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NTI Scheduler"="C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" [2006-01-19 17:59 73728]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-22 09:44 262401]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 00:12 1836544]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 14:11 151552 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 20:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe" [2007-04-22 16:17 674138]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-06-25 20:37]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:45]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-12 10:47]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 20:00]
S3 uteyodgx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uteyodgx.sys [2008-07-12 09:09]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-07 10:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{EF9FB4C7-05D3-4A4B-B42C-B9CC56ED6654} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 14:38:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-16 14:43:17 - machine was rebooted [Rudi]
ComboFix-quarantined-files.txt 2008-07-16 12:43:10
ComboFix4.txt 2008-07-13 12:05:16
ComboFix3.txt 2008-07-15 10:45:20
ComboFix2.txt 2008-07-16 09:27:34

18 Directory 7,374,667,776 byte disponibili
36 Directory 7,356,743,680 byte disponibili

228 --- E O F --- 2008-07-10 22:35:50
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 14:48    Oggetto: Rispondi citando

ecoo il log di combofix

ComboFix 08-07-14.2 - Rudi 2008-07-16 14.32.45.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.510 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Rudi\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Rudi\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\Documents and Settings\Rudi\iluisxtm.exe
C:\Documents and Settings\Rudi\mrsrlgbm.exe
C:\WINDOWS\system32\cbXRIAtt.dll
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Rudi\iluisxtm.exe
C:\Documents and Settings\Rudi\mrsrlgbm.exe
C:\WINDOWS\system32\cbXRIAtt.dll
C:\WINDOWS\system32\fabaokhx.ini
C:\WINDOWS\system32\ttAIRXbc.ini
C:\WINDOWS\system32\ttAIRXbc.ini2

.
((((((((((((((((((((((((( Files Creati Da 2008-06-16 al 2008-07-16 )))))))))))))))))))))))))))))))))))
.

2008-07-16 13:49 . 2003-06-25 16:05 266,360 --a------ C:\WINDOWS\system32\TweakUI.exe
2008-07-16 13:49 . 2002-06-21 15:09 160,217 --a------ C:\WINDOWS\system32\PowerToysLicense.rtf
2008-07-16 11:38 . 2008-07-16 11:38 92,672 --a------ C:\WINDOWS\system32\xhkoabaf.VIR
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-07-13 15:33 . 2008-07-13 15:33 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-07-13 15:06 . 2008-07-13 15:06 <DIR> d-------- C:\Hijackthis
2008-07-13 13:26 . 2008-07-13 13:26 <DIR> d-------- C:\Programmi\CCleaner
2008-07-13 12:51 . 2008-07-13 12:51 <DIR> d-------- C:\VundoFix Backups
2008-07-12 09:09 . 2008-07-12 09:09 7,168 --a------ C:\WINDOWS\system32\drivers\uteyodgx.sys
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-07-11 23:32 . 2008-07-13 14:42 32 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-07-11 17:29 . 2008-07-11 17:29 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-11 17:22 . 2008-07-11 17:22 <DIR> d-------- C:\Programmi\Alwil Software
2008-07-11 17:12 . 2008-07-11 17:12 <DIR> d-------- C:\Programmi\Windows Live Safety Center
2008-07-11 13:58 . 2004-09-07 20:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-09 15:42 . 2008-06-20 12:45 360,320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys
2008-07-09 15:42 . 2008-06-20 11:52 225,920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys
2008-07-09 15:42 . 2008-06-20 12:44 138,368 --a------ C:\WINDOWS\system32\drivers\afd.sys
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-06-19 16:53 . 2008-06-19 16:53 <DIR> d-------- C:\Documents and Settings\Rudi\Dati applicazioni\skypePM
2008-06-19 16:53 . 2008-06-19 16:53 48 --ah----- C:\WINDOWS\system32\ezsidmv.dat

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-25 18:37 39,808 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLec.DAT
2008-06-25 11:47 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLds.DAT
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:39 247,296 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 11:17 2,560 ----a-w C:\WINDOWS\_MSRSTRT.EXE
2008-06-14 17:59 272,768 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-14 17:59 272,768 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-09 15:26 --------- d-----w C:\Programmi\Flock
2008-06-09 15:26 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\Flock
2008-05-29 10:35 --------- d-----w C:\Programmi\ViDown
2008-05-29 10:20 --------- d-----w C:\Programmi\Replay Media Catcher
2008-05-29 10:18 --------- d-----w C:\Documents and Settings\Rudi\Dati applicazioni\GetRightToGo
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 04:55 1,293,312 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 20:16 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-04-22 07:42 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-04-22 07:42 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-04-22 07:39 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-20 05:07 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-03-20 13:09 1,516,280 ----a-w C:\Programmi\mozilla firefox\plugins\RineraProxy.dll
2008-03-20 13:09 86,070 ----a-w C:\Programmi\mozilla firefox\plugins\pthreadVC2.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 20:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 00:11 68856]
"LDM"="C:\Programmi\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-01-14 23:54 36864]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 09:42 2156368]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 22:40 64512]
"AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-12-21 15:02 53248]
"SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2006-03-03 13:07 761946]
"ntiMUI"="C:\Programmi\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2006-05-15 11:15 45056]
"ADMTray.exe"="C:\Acer\Empowering Technology\admtray.exe" [2005-10-24 16:45 2462208]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-12-27 15:50 69632]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-09-07 20:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-09-07 20:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-09-07 20:00 455168]
"ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-08-10 19:29 352256]
"Acer ePower Management"="C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe" [2006-05-22 12:54 3080704]
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-07-20 22:15 593920]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\Monitor.exe" [2006-01-24 18:00 397312]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"NTI Scheduler"="C:\Programmi\File comuni\NewTech Infosystems\Scheduler\Schdlr32.exe" [2006-01-19 17:59 73728]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2006-03-23 12:17 94208]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2006-03-23 12:13 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2006-03-23 12:17 118784]
"avgnt"="C:\Programmi\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-22 09:44 262401]
"Google Desktop Search"="C:\Programmi\Google\Google Desktop Search\GoogleDesktop.exe" [2007-07-30 00:12 1836544]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 01:03 284184]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam10\QuickCam10.exe" [2006-11-15 21:58 746520]
"LVCOMSX"="C:\Programmi\File comuni\Logitech\LComMgr\LVComSX.exe" [2006-11-15 22:01 244512]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 00:53 110592 C:\WINDOWS\system32\bthprops.cpl]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-28 14:54 16248320 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 2879488 C:\WINDOWS\SkyTel.exe]
"AdslTaskBar"="stmctrl.dll" [2003-03-27 14:11 151552 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 20:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FFTI"="C:\Documents and Settings\Rudi\Dati applicazioni\Mozilla\Firefox\Profiles\x9vqro0b.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\unins000.exe" [2007-04-22 16:17 674138]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.MPG4"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP42"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.MP43"= C:\PROGRA~1\K-LITE~1\codecs\Mpg4c32.dll
"VIDC.DIV3"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32.dll
"VIDC.DIV4"= C:\PROGRA~1\K-LITE~1\codecs\DivXc32f.dll
"VIDC.3iv2"= C:\PROGRA~1\K-LITE~1\codecs\3IVXVF~1.DLL
"VIDC.HFYU"= C:\PROGRA~1\K-LITE~1\codecs\huffyuv.dll
"vidc.i263"= i263_32.drv
"VIDC.VP60"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP61"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP62"= C:\PROGRA~1\K-LITE~1\codecs\vp6vfw.dll
"VIDC.VP70"= C:\PROGRA~1\K-LITE~1\codecs\vp7vfw.dll
"VIDC.VP31"= C:\PROGRA~1\K-LITE~1\codecs\vp31vfw.dll
"VIDC.FFDS"= C:\PROGRA~1\K-LITE~1\ffdshow\ff_vfw.dll
"msacm.ac3acm"= C:\PROGRA~1\K-LITE~1\codecs\ac3acm.acm
"msacm.l3fhg"= C:\PROGRA~1\K-LITE~1\codecs\l3codecp.acm
"msacm.imc"= imc32.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\eMule\\eMule.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Mozilla Firefox\\firefox.exe"=
"C:\\Programmi\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmi\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\WINDOWS\\System32\\FXSCLNT.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-06-25 20:37]
R1 Asapi;Asapi;C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 20:27]
R1 OsaFsLoc;OsaFsLoc;C:\WINDOWS\system32\drivers\OsaFsLoc.sys [2005-10-15 18:20]
R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2006-01-23 12:41]
R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2006-01-23 12:41]
R2 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 14:46]
R2 osaio;osaio;C:\WINDOWS\system32\drivers\osaio.sys [2005-06-30 16:58]
R2 osanbm;osanbm;C:\WINDOWS\system32\drivers\osanbm.sys [2005-01-14 15:57]
R2 Utilità di pianificazione di LiveUpdate automatico;Utilità di pianificazione di LiveUpdate automatico;C:\Programmi\Symantec\LiveUpdate\ALUSchedulerSvc.exe [2006-08-03 17:45]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-07-12 10:47]
R3 NdisFilt;OSA NdisFilter Protocol;C:\WINDOWS\system32\Drivers\NdisFilt.sys [2005-09-13 15:34]
S3 usbscan;Driver scanner USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 20:00]
S3 uteyodgx;AVZ Kernel Driver;C:\WINDOWS\system32\Drivers\uteyodgx.sys [2008-07-12 09:09]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-07-07 10:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
.
- - - - ORPHANS REMOVED - - - -

BHO-{EF9FB4C7-05D3-4A4B-B42C-B9CC56ED6654} - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 14:38:33
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Intel\Wireless\Bin\EvtEng.exe
C:\Programmi\Intel\Wireless\Bin\S24EvMon.exe
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\programmi\file comuni\logitech\lvmvfm\LVPrcSrv.exe
C:\Programmi\AntiVir PersonalEdition Classic\avguard.exe
C:\Programmi\AntiVir PersonalEdition Classic\sched.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\FreePOPs\freepopsservice.exe
C:\Programmi\FreePOPs\freepopsd.exe
C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programmi\File comuni\LightScribe\LSSrvc.exe
C:\Programmi\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\igfxext.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\DOCUME~1\Rudi\IMPOST~1\Temp\RtkBtMnt.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Ora fine scansione: 2008-07-16 14:43:17 - machine was rebooted [Rudi]
ComboFix-quarantined-files.txt 2008-07-16 12:43:10
ComboFix4.txt 2008-07-13 12:05:16
ComboFix3.txt 2008-07-15 10:45:20
ComboFix2.txt 2008-07-16 09:27:34

18 Directory 7,374,667,776 byte disponibili
36 Directory 7,356,743,680 byte disponibili

228 --- E O F --- 2008-07-10 22:35:50
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia

MessaggioInviato: 16 Lug 2008 16:03    Oggetto: Rispondi citando

C'è ancora qualcos'altro ma non riesco a focalizzare cosa;

fai la scansione con Systemscan e posta il log generato come
indicato quì
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 20:18    Oggetto: Rispondi citando

Sante62 ha scritto:
C'è ancora qualcos'altro ma non riesco a focalizzare cosa;

fai la scansione con Systemscan e posta il log generato come
indicato quì


tu dici? dopo averlo riavviato sembra a posto. Cmq seguo il consiglio.
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 16 Lug 2008 20:58    Oggetto: Rispondi citando

thebutcher ha scritto:
Sante62 ha scritto:
C'è ancora qualcos'altro ma non riesco a focalizzare cosa;

fai la scansione con Systemscan e posta il log generato come
indicato quì


tu dici? dopo averlo riavviato sembra a posto. Cmq seguo il consiglio.



Ecco il log:
16_07_2008_20_32_report.zip
Top
Profilo Invia messaggio privato
Sante62
Dio maturo
Dio maturo


Registrato: 27/06/07 17:55
Messaggi: 3477
Residenza: Floridia

MessaggioInviato: 17 Lug 2008 00:33    Oggetto: Rispondi citando

Va bene, pare non vi sia nulla di sospetto;

Dovresti essere a posto anche se ti consiglierei, per chiudere in bellezza, di fare una scansione con Kaspersky online scanner e postare il risultato come indicato nelle istruzioni...
Top
Profilo Invia messaggio privato
thebutcher
Eroe
Eroe


Registrato: 11/07/08 23:21
Messaggi: 61

MessaggioInviato: 17 Lug 2008 12:33    Oggetto: Rispondi

Sante62 ha scritto:
Va bene, pare non vi sia nulla di sospetto;

Dovresti essere a posto anche se ti consiglierei, per chiudere in bellezza, di fare una scansione con Kaspersky online scanner e postare il risultato come indicato nelle istruzioni...


ok farò come dici, intanto ho fatto andare avira che mi ha trovato TR/Crypt.XPACK.Gen che ho fatto cancellare. Speriamo sia finita.

Intanto ti ringrazio di cuore per la tua consulenza.
Top
Profilo Invia messaggio privato
Mostra prima i messaggi di:   
Nuovo argomento   Quest'argomento è chiuso: Non puoi inserire, rispondere o modificare i messaggi.    Indice del forum -> Pronto Soccorso Virus Tutti i fusi orari sono GMT + 2 ore
Vai a Precedente  1, 2
Pagina 2 di 2

 
Vai a:  
Non puoi inserire nuovi argomenti
Non puoi rispondere a nessun argomento
Non puoi modificare i tuoi messaggi
Non puoi cancellare i tuoi messaggi
Non puoi votare nei sondaggi