		| Author | Message |  
		| Jimny Devout mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 02 Feb 2008 03:45    Subject: request for help removing a virus |   |  
				| 
 |  
				| Hi everyone, I'm new to the forum. I found this forum while browsing the internet looking for a cure for some viruses (can you tell me what exactly they are?) that I caught yesterday. I don't remember the name, but one starts with 88. etc.... and another is doginhispen. I only noticed because I found them in the history, but the computer works correctly, or at least I think so; there are no connections created by dialers. Should I be worried, and do I risk a hefty bill? I ran a scan with HijackThis; could you give me a hand, please?: 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 2.38.58, on 02/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\WINDOWS\system32\nvp2pmon.exe
 C:\WINDOWS\AGRSMMSG.exe
 C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\CTSvcCDA.EXE
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\WINDOWS\system32\wdfmgr.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\WINDOWS\System32\alg.exe
 C:\Programmi\Spyware Doctor\svcntaux.exe
 C:\Programmi\Spyware Doctor\swdsvc.exe
 C:\Programmi\Spyware Doctor\SDTrayApp.exe
 C:\Programmi\eMule\emule.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Documents and Settings\Utente\Desktop\HijackThis.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
 O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [PCMCIA Resource Monitor] nvp2pmon.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: AutorunsDisabled
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{3D792278-2021-4CC3-9023-C1481B8B6F48}: NameServer = 85.37.17.16 85.38.28.68
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
 
 --
 End of file - 7435 bytes
 |  |  
		|  |  
		| Sante62 Mature god
 
  
  
 Registered: 27/06/07 17:55
 Posts: 3477
 Location: Floridia
 
 | 
			
				|  Posted: 02 Feb 2008 10:24    Subject: |   |  
				| 
 |  
				| Hi Jimny. Start HijackThis, select these lines, then click Fix checked, answering yes:
 
  	  | Quote: |  	  | O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
 O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
 O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
 | 
 Restart the PC and redo the HJT log; have a look at this discussion about ComboFix and scan the PC, posting the result as indicated; also run a scan with FindAWF and post the result.
 |  |  
		|  |  
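An added example, not part of the original posts: once the selected lines have been fixed and HijackThis has been run again as described above, the two logs can be compared to confirm that the selected entries are gone and to see what else changed. The sample logs are short excerpts taken from the logs on this page, and the function names are made up for this sketch.

```python
import re

# Section codes used by HijackThis entry lines (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^\s*(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*\S)\s*$")

# Excerpt of the first log on this page (header and process lines kept on purpose).
BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# Excerpt of the second log on this page, taken after the fix and a reboot.
AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

# The three lines quoted in the reply above.
SELECTED = r"""
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
"""


def parse_entries(log_text):
    """Return (section, body) for every entry line; headers and processes are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            # Collapse runs of whitespace so copy/paste damage does not matter.
            entries.append((match.group(1), " ".join(match.group(2).split())))
    return entries


def orphaned(entries, sections=("O2", "O3")):
    """Entries in the given sections whose registered file is missing ("(no file)")."""
    return [e for e in entries if e[0] in sections and e[1].endswith("(no file)")]


def _key(entry):
    # Compare case-insensitively: CLSIDs and paths may differ only in letter case.
    return (entry[0], entry[1].casefold())


def check_fix(before_text, after_text, selected_text):
    """Compare two logs and report whether the selected lines really disappeared."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    selected = parse_entries(selected_text)
    before_keys = {_key(e) for e in before}
    after_keys = {_key(e) for e in after}
    return {
        # Selected lines that survived the fix (should be empty).
        "still_present": [e for e in selected if _key(e) in after_keys],
        # Selected lines that were never in the first log (typo or wrong log).
        "not_in_before": [e for e in selected if _key(e) not in before_keys],
        # Everything that changed between the two scans, selected or not.
        "removed": [e for e in before if _key(e) not in after_keys],
        "added": [e for e in after if _key(e) not in before_keys],
    }


if __name__ == "__main__":
    report = check_fix(BEFORE, AFTER, SELECTED)
    for name, items in report.items():
        print(f"{name}: {len(items)}")
        for section, body in items:
            print(f"  {section} - {body}")
```
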
		| Jimny Devout mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 02 Feb 2008 14:53    Subject: |   |  
				| 
 |  
				| Hi, I ran the scans (from normal mode), but I have just seen in the history that they are still there (should I be worried about the bill?): 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 13.50.55, on 02/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\WINDOWS\system32\nvp2pmon.exe
 C:\WINDOWS\AGRSMMSG.exe
 C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Programmi\Spyware Doctor\SDTrayApp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\CTSvcCDA.EXE
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Programmi\Spyware Doctor\svcntaux.exe
 C:\Programmi\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\system32\wdfmgr.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\WINDOWS\System32\alg.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\internet explorer\iexplore.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Documents and Settings\Utente\Desktop\HijackThis.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [PCMCIA Resource Monitor] nvp2pmon.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: AutorunsDisabled
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{3D792278-2021-4CC3-9023-C1481B8B6F48}: NameServer = 85.37.17.16 85.38.28.68
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
 
 --
 End of file - 7280 bytes
 
 
 
 
 
 
 
 ComboFix 08-02.02.5 - Utente 2008-02-02 13.33.33.1 - FAT32x86
 Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1040.18.201 [GMT 1:00]
 Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
 * Creato nuovo punto di ripristino
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
 (((((((((((((((((((((((((((((((((((((   Altre eliminazioni   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\WINDOWS\system32\regsvr32.dll
 
 .
 (((((((((((((((((((((((((   Files Creati Da 2008-01-02 al 2008-02-02  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-02 03:12 . 2008-02-02 03:12	<DIR>	d--------	C:\WINDOWS\system32\Kaspersky Lab
 2008-02-02 03:12 . 2008-02-02 03:12	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
 2008-02-02 02:25 . 2008-02-02 02:25	<DIR>	d--------	C:\Programmi\StopDialers
 2008-02-02 02:10 . 2008-02-02 02:10	<DIR>	d--------	C:\WINDOWS\system32\ActiveScan
 2008-02-02 02:10 . 2008-02-02 02:11	30,590	--a------	C:\WINDOWS\system32\pavas.ico
 2008-02-01 23:31 . 2008-02-01 23:31	<DIR>	d--------	C:\Programmi\Spyware Doctor
 2008-02-01 23:31 . 2008-02-01 23:31	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\PC Tools
 2008-02-01 23:31 . 2007-10-04 17:10	79,688	--a------	C:\WINDOWS\system32\drivers\iksyssec.sys
 2008-02-01 23:31 . 2007-10-04 17:10	62,280	--a------	C:\WINDOWS\system32\drivers\iksysflt.sys
 2008-02-01 23:31 . 2007-10-04 17:10	41,288	--a------	C:\WINDOWS\system32\drivers\ikfilesec.sys
 2008-02-01 23:31 . 2007-10-04 17:11	29,000	--a------	C:\WINDOWS\system32\drivers\kcom.sys
 2008-02-01 23:24 . 2005-09-23 07:29	626,688	--a------	C:\WINDOWS\system32\msvcr80.dll
 2008-02-01 23:16 . 2008-02-01 23:16	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\Talkback
 2008-02-01 23:16 . 2008-02-01 23:16	0	--a------	C:\WINDOWS\nsreg.dat
 2008-02-01 23:13 . 2008-02-01 23:13	<DIR>	d--------	C:\WINDOWS\Google Toolbar
 2008-02-01 23:00 . 2008-02-01 23:00	<DIR>	d--------	C:\Programmi\Norton Security Scan
 2008-02-01 22:56 . 2008-02-01 22:56	<DIR>	d--------	C:\Programmi\Google
 2008-02-01 22:56 . 2008-02-01 22:56	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Google Updater
 2008-02-01 22:25 . 2008-02-01 22:25	<DIR>	d--------	C:\Programmi\RogueRemover FREE
 2008-01-31 21:20 . 2008-01-31 21:21	<DIR>	d--------	C:\Programmi\Avira
 2008-01-31 21:20 . 2008-01-31 21:21	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Avira
 2008-01-31 21:12 . 2007-06-05 10:56	44,928	--a------	C:\WINDOWS\system32\drivers\SDTHOOK.SYS
 2008-01-31 21:09 . 2007-06-08 09:44	8,576	--a------	C:\WINDOWS\system32\drivers\myxttnuxnmpl.sys
 2008-01-31 21:03 . 2007-06-08 09:44	8,576	--a------	C:\WINDOWS\system32\drivers\RkPavProc.sys
 2008-01-31 18:58 . 2008-01-31 18:58	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\BSplayer Pro
 2008-01-31 18:58 . 2008-01-31 18:58	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\BSplayer
 2008-01-31 18:36 . 2008-01-31 18:36	<DIR>	d--------	C:\WINDOWS\system32\bak
 2008-01-31 18:36 . 2008-01-31 18:36	<DIR>	d--------	C:\WINDOWS\bak
 2008-01-21 13:22 . 2008-01-21 13:22	<DIR>	d--------	C:\Programmi\Aethra
 2008-01-21 13:22 . 2004-04-20 16:24	52,864	--a------	C:\WINDOWS\system32\drivers\CnxTrUsb.sys
 2008-01-21 13:22 . 2004-04-20 16:24	25,984	--a------	C:\WINDOWS\system32\drivers\CnxTrLan.sys
 2008-01-20 17:59 . 2008-01-20 17:59	<DIR>	d--------	C:\Programmi\nobrand
 2008-01-20 17:49 . 2008-01-20 17:49	<DIR>	d--------	C:\Temp
 2008-01-20 17:49 . 2008-01-20 17:49	1,409	--a------	C:\WINDOWS\system32\tmpE0045.FOT
 2008-01-20 17:49 . 2008-01-20 17:49	1,409	--a------	C:\WINDOWS\system32\tmpC4045.FOT
 2008-01-20 17:49 . 2008-01-20 17:49	1,409	--a------	C:\WINDOWS\system32\tmpB8045.FOT
 2008-01-20 17:39 . 2008-01-20 17:39	<DIR>	d--------	C:\WINDOWS\system32\LogFiles
 2008-01-17 22:58 . 2008-01-17 22:58	<DIR>	d--------	C:\Programmi\TomTom HOME 2
 2008-01-15 19:52 . 2008-01-15 19:52	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\TomTom
 2008-01-08 02:16 . 2008-01-08 02:16	630,784	--a------	C:\WINDOWS\system32\divxdec.ax
 2008-01-07 21:44 . 2008-01-07 21:45	<DIR>	d--------	C:\Programmi\Combined Community Codec Pack
 2008-01-04 22:59 . 2008-01-04 22:59	524,288	--a------	C:\WINDOWS\system32\DivXsm.exe
 2008-01-04 22:59 . 2008-01-04 22:59	4,816	--a------	C:\WINDOWS\system32\divxsm.tlb
 2008-01-04 22:58 . 2008-01-04 22:58	3,596,288	--a------	C:\WINDOWS\system32\qt-dx331.dll
 2008-01-04 22:58 . 2008-01-04 22:58	1,044,480	--a------	C:\WINDOWS\system32\libdivx.dll
 2008-01-04 22:58 . 2008-01-04 22:58	200,704	--a------	C:\WINDOWS\system32\ssldivx.dll
 2008-01-04 22:56 . 2008-01-04 22:56	156,992	--a------	C:\WINDOWS\system32\DivXCodecVersionChecker.exe
 2008-01-04 22:56 . 2008-01-04 22:56	12,288	--a------	C:\WINDOWS\system32\DivXWMPExtType.dll
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-01-31 17:41	14,348	----a-w	C:\WINDOWS\system32\SWEEPER.EXE
 2008-01-31 17:41	14,348	----a-w	C:\WINDOWS\NCLAUNCH.EXe
 2008-01-04 21:57	823,296	----a-w	C:\WINDOWS\system32\divx_xx0c.dll
 2008-01-04 21:57	823,296	----a-w	C:\WINDOWS\system32\divx_xx07.dll
 2008-01-04 21:57	81,920	----a-w	C:\WINDOWS\system32\dpl100.dll
 2008-01-04 21:57	802,816	----a-w	C:\WINDOWS\system32\divx_xx11.dll
 2008-01-04 21:57	682,496	----a-w	C:\WINDOWS\system32\DivX.dll
 2008-01-04 21:57	593,920	----a-w	C:\WINDOWS\system32\dpuGUI11.dll
 2008-01-04 21:57	57,344	----a-w	C:\WINDOWS\system32\dpv11.dll
 2008-01-04 21:57	53,248	----a-w	C:\WINDOWS\system32\dpuGUI10.dll
 2008-01-04 21:57	344,064	----a-w	C:\WINDOWS\system32\dpus11.dll
 2008-01-04 21:57	294,912	----a-w	C:\WINDOWS\system32\dpu11.dll
 2008-01-04 21:57	294,912	----a-w	C:\WINDOWS\system32\dpu10.dll
 2008-01-04 21:57	196,608	----a-w	C:\WINDOWS\system32\dtu100.dll
 2007-12-15 14:13	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\TEMP
 2007-12-15 14:02	4,229,496	----a-w	C:\WINDOWS\system32\SpoonUninstall.exe
 2007-12-15 14:02	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\AccurateRip
 2007-12-11 19:46	43,528	------w	C:\WINDOWS\system32\drivers\PxHelp20.sys
 2007-12-11 19:46	129,784	------w	C:\WINDOWS\system32\pxafs.dll
 2007-12-11 19:46	120,056	------w	C:\WINDOWS\system32\pxcpyi64.exe
 2007-12-11 19:46	118,520	------w	C:\WINDOWS\system32\pxinsi64.exe
 2007-12-07 16:43	---------	d-----w	C:\Programmi\iTunes
 2007-12-07 16:41	---------	d-----w	C:\Programmi\QuickTime
 2007-12-07 16:40	---------	d-----w	C:\Programmi\Apple Software Update
 2007-12-07 16:39	---------	d-----w	C:\Programmi\File comuni\Apple
 2007-12-07 16:39	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Apple
 2007-11-14 07:27	450,560	------w	C:\WINDOWS\system32\dllcache\jscript.dll
 2007-11-07 09:27	727,552	----a-w	C:\WINDOWS\system32\lsasrv.dll
 2007-11-07 09:27	727,552	------w	C:\WINDOWS\system32\dllcache\lsasrv.dll
 2007-10-07 19:38	34,480	----a-w	C:\Documents and Settings\Utente\Dati applicazioni\GDIPFONTCACHEV1.DAT
 2006-07-21 13:34	24,192	----a-w	C:\Documents and Settings\Utente\usbsermptxp.sys
 2006-07-21 13:34	22,768	----a-w	C:\Documents and Settings\Utente\usbsermpt.sys
 .
 
 (((((((((((((((((((((((((((((((((((((((((((((   AWF   ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 ----a-w            65,536 2007-06-11 22:20:26  C:\WINDOWS\bak\NCLAUNCH.EXe
 ----a-w            14,348 2008-01-31 17:41:48  C:\WINDOWS\NCLAUNCH.EXe
 
 ----a-w            15,360 2004-08-19 14:39:36  C:\WINDOWS\system32\bak\ctfmon.exe
 ----a-w            15,360 2004-08-19 14:39:36  C:\WINDOWS\system32\ctfmon.exe
 
 ----a-w           167,936 2005-12-18 11:10:36  C:\WINDOWS\system32\bak\SWEEPER.EXE
 ----a-w            14,348 2008-01-31 17:41:48  C:\WINDOWS\system32\SWEEPER.EXE
 
 ----a-w            71,304 2006-04-04 11:02:02  C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe
 
 ----a-w           139,264 2006-11-16 18:04:20  C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 
 ----a-w           155,648 2006-01-12 14:40:44  C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 
 ----a-w           378,784 2007-10-31 09:19:50  C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\TomTom HOME 2\HOMERunner.exe
 
 ----a-w           290,816 2004-03-19 18:37:18  C:\Programmi\Launch Manager\bak\QtZiAcer.EXE
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\Launch Manager\QtZiAcer.EXE
 
 ----a-w           110,592 2003-04-18 13:36:22  C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 
 ----a-w           610,304 2003-04-18 14:20:58  C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 
 ----a-w           132,496 2007-07-12 03:00:36  C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
 
 ----a-w            32,768 2003-10-31 18:42:40  C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 
 ----a-w           286,720 2007-11-14 22:43:10  C:\Programmi\QuickTime\bak\qttask.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\QuickTime\QTTask.exe
 
 ----a-w           267,048 2007-11-15 12:11:04  C:\Programmi\iTunes\bak\iTunesHelper.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\iTunes\iTunesHelper.exe
 
 ----a-w           690,176 2005-08-16 17:16:30  C:\Programmi\dvd43\bak\dvd43_tray.exe
 ----a-w            14,348 2008-01-31 17:41:48  C:\Programmi\dvd43\dvd43_tray.exe
 
 .
 (((((((((((((((((((((((((((((((((((((   Punti Reg Caricati   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
 *Nota* i valori vuoti & legittimi/default non sono visualizzati.
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]
 "NCLaunch"="C:\WINDOWS\NCLAUNCH.EXe" [2008-01-31 18:41 14348]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe" [2008-01-31 18:41 14348]
 "swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-02-01 22:56 68856]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "LaunchApp"="Alaunch" []
 "PCMCIA Resource Monitor"="nvp2pmon.exe" [2004-02-23 16:50 9728 C:\WINDOWS\system32\nvp2pmon.exe]
 "NvCplDaemon"="C:\WINDOWS\System32\NvCpl.dll" [2004-01-21 22:31 2899968]
 "nwiz"="nwiz.exe" [2004-01-21 22:31 782336 C:\WINDOWS\system32\nwiz.exe]
 "AGRSMMSG"="AGRSMMSG.exe" [2003-10-23 14:21 88363 C:\WINDOWS\AGRSMMSG.exe]
 "LManager"="C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE" [2008-01-31 18:41 14348]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe" [2008-01-31 18:41 14348]
 "SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\soundman.exe]
 "RemoteControl"="C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe" [2008-01-31 18:41 14348]
 "NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2008-01-31 18:41 14348]
 "QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-31 18:41 14348]
 "CnxTrApp"="C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll" [2004-04-20 16:24 247296]
 "SynTPEnh"="C:\Programmi\Synaptics\SynTP\SynTPEnh.exe" [2008-01-31 18:41 14348]
 "SynTPLpr"="C:\Programmi\Synaptics\SynTP\SynTPLpr.exe" [2008-01-31 18:41 14348]
 "avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-01-31 21:29 249896]
 "Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
 "SDTray"="C:\Programmi\Spyware Doctor\SDTrayApp.exe" [2007-10-02 16:27 1065288]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-19 15:39 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 09:01:04 83360]
 Google Updater.lnk - C:\Programmi\Google\Google Updater\GoogleUpdater.exe [2008-02-01 22:56:38 125624]
 
 R0 nvp2p;NVIDIA PCI to PCI Bridge Filter;C:\WINDOWS\system32\DRIVERS\nvp2p.sys [2004-02-23 16:49]
 R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
 S3 z3f2bus;Sony Ericsson driver (WDM);C:\WINDOWS\system32\DRIVERS\z3f2bus.sys []
 S3 z3f2mdfl;Sony Ericsson USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\z3f2mdfl.sys []
 S3 z3f2mdm;Sony Ericsson USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\z3f2mdm.sys []
 S3 z3f2mgmt;Sony Ericsson USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\z3f2mgmt.sys []
 S3 z3f2obex;Sony Ericsson USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\z3f2obex.sys []
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{146ee53e-b67e-11dc-b03f-00029615bb96}]
 \Shell\AutoRun\command - E:\wd_windows_tools\setup.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{21abdf2c-cc2e-11db-af8c-00029615bb96}]
 \Shell\AutoRun\command - E:\InstallTomTomHOME.exe
 
 [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3524098-c9ab-11dc-b060-000a9412d473}]
 \Shell\AutoRun\command - E:\InstallTomTomHOME.exe
 
 .
 Contenuto della cartella 'Scheduled Tasks'
 "2008-01-28 15:43:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
 - C:\Programmi\Apple Software Update\SoftwareUpdate.exe
 "2008-02-01 22:01:12 C:\WINDOWS\Tasks\Norton Security Scan.job"
 - C:\Programmi\Norton Security Scan\Nss.exe
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-02 13:36:06
 Windows 5.1.2600 Service Pack 2 FAT NTAPI
 
 scansione processi nascosti ...
 
 scansione entrate autostart nascoste ...
 
 Scansione files nascosti ...
 
 Scansione completata con successo
 Files nascosti: 0
 
 **************************************************************************
 .
 Ora fine scansione: 2008-02-02 13.37.25
 ComboFix-quarantined-files.txt  2008-02-02 12:37:22
 .
 2008-01-25 12:00:24	--- E O F ---
 
 
 
 
 
 
 
 
 
 
 
 
 
 Find AWF report by noahdfear ©2006
 Version 1.40
 
 
 
 bak folders found
 ~~~~~~~~~~~
 
 Il volume nell'unità C è ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\WINDOWS\BAK
 
 11/06/2007  23.20            65.536 NCLAUNCH.EXe
 1 File         65.536 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unità C è ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\WINDOWS\SYSTEM32\BAK
 
 19/08/2004  15.39            15.360 ctfmon.exe
 18/12/2005  12.10           167.936 SWEEPER.EXE
 2 File        183.296 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\MESSEN~1\BAK
 
 0 File              0 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\TOMTOM~1\BAK
 
 31/10/2007  10.19           378.784 HOMERunner.exe
 1 File        378.784 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\LAUNCH~1\BAK
 
 19/03/2004  19.37           290.816 QtZiAcer.EXE
 1 File        290.816 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\QUICKT~1\BAK
 
 14/11/2007  23.43           286.720 qttask.exe
 1 File        286.720 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\ITUNES\BAK
 
 15/11/2007  13.11           267.048 iTunesHelper.exe
 1 File        267.048 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\DVD43\BAK
 
 16/08/2005  18.16           690.176 dvd43_tray.exe
 1 File        690.176 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\FILECO~1\SYMANT~1\BAK
 
 04/04/2006  12.02            71.304 ccApp.exe
 1 File         71.304 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\SYNAPT~1\SYNTP\BAK
 
 18/04/2003  15.20           610.304 SynTPEnh.exe
 18/04/2003  14.36           110.592 SynTPLpr.exe
 2 File        720.896 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\BAK
 
 31/10/2003  19.42            32.768 PDVDServ.exe
 1 File         32.768 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK
 
 12/01/2006  15.40           155.648 NeroCheck.exe
 16/11/2006  19.04           139.264 NMBgMonitor.exe
 2 File        294.912 byte
 2 Directory  26.672.136.192 byte disponibili
 Il volume nell'unit? C ? ACER
 Numero di serie del volume: 2629-16F0
 
 Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK
 
 12/07/2007  04.00           132.496 jusched.exe
 1 File        132.496 byte
 2 Directory  26.672.136.192 byte disponibili
 
 
 Duplicate files of bak directory contents
 ~~~~~~~~~~~~~~~~~~~~~~~
 
 14348 31 Jan 2008 "C:\WINDOWS\NCLAUNCH.EXe"
 65536 11 Jun 2007 "C:\WINDOWS\bak\NCLAUNCH.EXe"
 15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
 15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
 14348 31 Jan 2008 "C:\WINDOWS\system32\SWEEPER.EXE"
 167936 18 Dec 2005 "C:\WINDOWS\system32\bak\SWEEPER.EXE"
 14348 31 Jan 2008 "C:\Programmi\TomTom HOME 2\HOMERunner.exe"
 378784 31 Oct 2007 "C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe"
 14348 31 Jan 2008 "C:\Programmi\Launch Manager\QtZiAcer.EXE"
 290816 19 Mar 2004 "C:\Programmi\Launch Manager\bak\QtZiAcer.EXE"
 14348 31 Jan 2008 "C:\Programmi\QuickTime\QTTask.exe"
 286720 14 Nov 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
 14348 31 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
 102400  7 Dec 2007 "C:\WINDOWS\Installer\{4F5CE18C-D97D-48FF-A510-A0D90C918294}\iTunesIco.exe"
 267048 15 Nov 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
 116008 15 Nov 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
 14348 31 Jan 2008 "C:\Programmi\dvd43\dvd43_tray.exe"
 520898 25 Sep 2005 "C:\Documents and Settings\Utente\Documenti\DVD43_3-6-2_Setup.exe"
 690176 16 Aug 2005 "C:\Programmi\dvd43\bak\dvd43_tray.exe"
 71304  4 Apr 2006 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
 14348 31 Jan 2008 "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe"
 110592 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\Media\SYNTPLPR.EXE"
 110592 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
 14348 31 Jan 2008 "C:\Programmi\Synaptics\SynTP\SynTPEnh.exe"
 610304 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\Media\SYNTPENH.EXE"
 610304 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe"
 14348 31 Jan 2008 "C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe"
 32768 31 Oct 2003 "C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe"
 14348 31 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 139264 16 Nov 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe"
 14348 31 Jan 2008 "C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe"
 155648 12 Jan 2006 "C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe"
 32873 19 Aug 2003 "C:\Programmi\Java\j2re1.4.2_01\bin\jusched.exe"
 14348 31 Jan 2008 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
 132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe"
 
 
 end of report
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 02 Feb 2008 23:12    Subject: |   |  
				| 
 |  
				| Hi Jimny,
 Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop.
 
 Start AVENGER
 Click on input script manually
 Click on the magnifying glass
 Enter these lines:
 
  	  | Quote: |  	  | Files to delete:
 C:\WINDOWS\NCLAUNCH.EXe
 C:\WINDOWS\system32\SWEEPER.EXE
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 C:\Programmi\TomTom HOME 2\HOMERunner.exe
 C:\Programmi\Launch Manager\QtZiAcer.EXE
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\dvd43\dvd43_tray.exe
 
 Files to move:
 C:\WINDOWS\bak\NCLAUNCH.EXe | C:\WINDOWS\NCLAUNCH.EXe
 C:\WINDOWS\system32\bak\SWEEPER.EXE | C:\WINDOWS\system32\SWEEPER.EXE
 C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe | C:\Programmi\TomTom HOME 2\HOMERunner.exe
 C:\Programmi\Launch Manager\bak\QtZiAcer.EXE | C:\Programmi\Launch Manager\QtZiAcer.EXE
 C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe | C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe | C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
 C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe | C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\QTTask.exe
 C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
 C:\Programmi\dvd43\bak\dvd43_tray.exe | C:\Programmi\dvd43\dvd43_tray.exe
 | 
 Click on Done
 Click on the traffic light
 The PC should restart; if it does not, restart it yourself.
 When the operation has finished, post the Avenger result here together with an updated HijackThis log.
 
 Download DelDomains and save it to the desktop (right-click on the link > save target),
 then right-click on the file and choose Install.
 
 Go to the Kaspersky online scanner and run the extended scan, as described here.
 Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
 
 PS: if you like, you can introduce yourself here
 |  |  
		| Top |  |  
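
Added example, not part of bdoriano's post or of any tool used in this thread: a Python sketch of how the delete/move pairs in the script above can be derived from the Find AWF "Duplicate files of bak directory contents" listing. It treats a file as replaced when a bak\ copy exists and the file at the original location has a different size (an assumption of this example); the function names are made up here, and the sample lines are an excerpt of the listing posted earlier in the thread.

```python
import ntpath  # Windows path rules, usable on any OS
import re

# Excerpt of the "Duplicate files of bak directory contents" listing
# posted earlier in this thread (size, date, quoted path).
SAMPLE_LISTING = r'''
14348 31 Jan 2008 "C:\WINDOWS\NCLAUNCH.EXe"
65536 11 Jun 2007 "C:\WINDOWS\bak\NCLAUNCH.EXe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 31 Jan 2008 "C:\Programmi\QuickTime\QTTask.exe"
286720 14 Nov 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
71304  4 Apr 2006 "C:\Programmi\File comuni\Symantec Shared\bak\ccApp.exe"
14348 31 Jan 2008 "C:\Programmi\Synaptics\SynTP\SynTPLpr.exe"
110592 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\Media\SYNTPLPR.EXE"
110592 18 Apr 2003 "C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe"
'''

ENTRY = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"(.+)"\s*$')


def parse_listing(text):
    """Return [(size, date, path)] for every well-formed listing line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def find_replaced(entries):
    """Pair each original kept in a bak\\ folder with the file now in its place.

    Returns [(live_path, bak_path)]. Windows paths compare case-insensitively,
    so QTTask.exe and bak\\qttask.exe are treated as the same file name.
    """
    by_path = {path.lower(): (size, path) for size, _, path in entries}
    pairs = []
    for size, _, path in entries:
        folder = ntpath.dirname(path)
        if ntpath.basename(folder).lower() != "bak":
            continue  # not a backup copy
        # The original location is the parent of the bak\ folder.
        live_key = ntpath.join(ntpath.dirname(folder),
                               ntpath.basename(path)).lower()
        live = by_path.get(live_key)
        if live is None:
            continue  # nothing listed at the original location (ccApp.exe)
        if live[0] == size:
            continue  # same size as the backup: assumed unchanged (ctfmon.exe)
        pairs.append((live[1], path))
    return pairs


def avenger_script(pairs):
    """Render the pairs in the 'Files to delete' / 'Files to move' layout."""
    lines = ["Files to delete:"]
    lines += [live for live, _ in pairs]
    lines += ["", "Files to move:"]
    lines += [f"{bak} | {live}" for live, bak in pairs]
    return "\n".join(lines)


if __name__ == "__main__":
    print(avenger_script(find_replaced(parse_listing(SAMPLE_LISTING))))
```

On the excerpt this yields NCLAUNCH.EXe, QTTask.exe and SynTPLpr.exe, and skips ctfmon.exe (same size in both places) and ccApp.exe (no file at the original location). Size is only a heuristic; comparing hashes against a known-good copy would be a stronger check.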
		|  |  
		| Jimny Devoted mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 03 Feb 2008 00:18    Subject: |   |  
				| 
 |  
				| Hi, you are really great, I wouldn't know what to do if it weren't for you. Here is Avenger:
 
 Logfile of The Avenger version 1, by Swandog46
 Running from registry key:
 \Registry\Machine\System\CurrentControlSet\Services\fhwrnckv
 
 *******************
 
 Script file located at: \??\C:\WINDOWS\coyfcmvy.txt
 Script file opened successfully.
 
 Script file read successfully
 
 Backups directory opened successfully at C:\Avenger
 
 *******************
 
 Beginning to process script file:
 
 File C:\WINDOWS\NCLAUNCH.EXe deleted successfully.
 File C:\WINDOWS\system32\SWEEPER.EXE deleted successfully.
 File C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe deleted successfully.
 File C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe deleted successfully.
 File C:\Programmi\TomTom HOME 2\HOMERunner.exe deleted successfully.
 File C:\Programmi\Launch Manager\QtZiAcer.EXE deleted successfully.
 File C:\Programmi\Synaptics\SynTP\SynTPLpr.exe deleted successfully.
 File C:\Programmi\Synaptics\SynTP\SynTPEnh.exe deleted successfully.
 File C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe deleted successfully.
 File C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe deleted successfully.
 File C:\Programmi\QuickTime\QTTask.exe deleted successfully.
 File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
 File C:\Programmi\dvd43\dvd43_tray.exe deleted successfully.
 File move operation C:\WINDOWS\bak\NCLAUNCH.EXe|C:\WINDOWS\NCLAUNCH.EXe completed successfully.
 File move operation C:\WINDOWS\system32\bak\SWEEPER.EXE|C:\WINDOWS\system32\SWEEPER.EXE completed successfully.
 File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe|C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe completed successfully.
 File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe completed successfully.
 File move operation C:\Programmi\TomTom HOME 2\bak\HOMERunner.exe|C:\Programmi\TomTom HOME 2\HOMERunner.exe completed successfully.
 File move operation C:\Programmi\Launch Manager\bak\QtZiAcer.EXE|C:\Programmi\Launch Manager\QtZiAcer.EXE completed successfully.
 File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPLpr.exe|C:\Programmi\Synaptics\SynTP\SynTPLpr.exe completed successfully.
 File move operation C:\Programmi\Synaptics\SynTP\bak\SynTPEnh.exe|C:\Programmi\Synaptics\SynTP\SynTPEnh.exe completed successfully.
 File move operation C:\Programmi\Java\jre1.6.0_02\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe completed successfully.
 File move operation C:\Programmi\CyberLink\PowerDVD\bak\PDVDServ.exe|C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe completed successfully.
 File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\QTTask.exe completed successfully.
 File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
 File move operation C:\Programmi\dvd43\bak\dvd43_tray.exe|C:\Programmi\dvd43\dvd43_tray.exe completed successfully.
 
 Completed script processing.
 
 *******************
 
 Finished!  Terminate.
 
 
 
 
 
 Here is HijackThis:
 
 
 
 Logfile of Trend Micro HijackThis v2.0.2
 Scan saved at 23.18.13, on 02/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\csrss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 C:\WINDOWS\system32\nvp2pmon.exe
 C:\WINDOWS\AGRSMMSG.exe
 C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe
 C:\WINDOWS\SOUNDMAN.EXE
 C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 C:\Programmi\QuickTime\qttask.exe
 C:\WINDOWS\system32\rundll32.exe
 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
 C:\Programmi\Spyware Doctor\SDTrayApp.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\WINDOWS\NCLAUNCH.EXe
 C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
 C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\CTSvcCDA.EXE
 C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
 C:\WINDOWS\System32\nvsvc32.exe
 C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 C:\Programmi\Spyware Doctor\svcntaux.exe
 C:\Programmi\Spyware Doctor\swdsvc.exe
 C:\WINDOWS\system32\wdfmgr.exe
 C:\WINDOWS\System32\MsPMSPSv.exe
 C:\WINDOWS\System32\alg.exe
 C:\WINDOWS\system32\wuauclt.exe
 C:\Programmi\internet explorer\iexplore.exe
 C:\Documents and Settings\Utente\Desktop\HijackThis.exe
 C:\WINDOWS\System32\wbem\wmiprvse.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
 O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_02\bin\ssv.dll
 O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
 O4 - HKLM\..\Run: [LaunchApp] Alaunch
 O4 - HKLM\..\Run: [PCMCIA Resource Monitor] nvp2pmon.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
 O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
 O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\QtZiAcer.EXE
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
 O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
 O4 - HKLM\..\Run: [RemoteControl] C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
 O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
 O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Aethra\ADSL EB1070 USB\CnxTrApp.dll",AppEntry -REG "Aethra\ADSL EB1070 USB"
 O4 - HKLM\..\Run: [SynTPEnh] C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
 O4 - HKLM\..\Run: [SynTPLpr] C:\Programmi\Synaptics\SynTP\SynTPLpr.exe
 O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
 O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
 O4 - HKLM\..\Run: [SDTray] "C:\Programmi\Spyware Doctor\SDTrayApp.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [NCLaunch] C:\WINDOWS\NCLAUNCH.EXe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
 O4 - Global Startup: AutorunsDisabled
 O4 - Global Startup: Google Updater.lnk = C:\Programmi\Google\Google Updater\GoogleUpdater.exe
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
 O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
 O17 - HKLM\System\CCS\Services\Tcpip\..\{3D792278-2021-4CC3-9023-C1481B8B6F48}: NameServer = 85.37.17.16 85.38.28.68
 O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
 O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
 O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTSvcCDA.EXE
 O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
 O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
 O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
 O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Programmi\File comuni\LightScribe\LSSrvc.exe
 O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
 O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Programmi\Spyware Doctor\svcntaux.exe
 O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Programmi\Spyware Doctor\swdsvc.exe
 
 --
 End of file - 7582 bytes
 
 
 
 
 
 As soon as I run Kaspersky I'll post it.
 |  |  
		| Top |  |  
		|  |  
		| Jimny Devoted mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 03 Feb 2008 00:32    Subject: |   |  
				| 
 |  
				| Sorry, it's my fault, but I can't run the Kaspersky scan; it tells me the antivirus is active. I have disabled the firewall, Avira AntiVir and Spyware Doctor. I don't think I have anything else, so why won't it start???  |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 03 Feb 2008 12:45    Subject: |   |  
				| 
 |  
				| I need to go and look up an old thread about this; in the meantime, let's try another route:
 Disable your antivirus
 Go to BitDefender (with IE) and run the full scan.
 
 
 edit: I found the threads where there were problems using Kaspersky, try having a look at them:
 |  |  
		| Top |  |  
		|  |  
		| Jimny Devoted mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 03 Feb 2008 15:47    Subject: |   |  
				| 
 |  
				| For now I have run the scan with BitDefender. There is still something there, I can't take it any more!
 
 BitDefender Online Scanner
 
 edit by bdoriano: log removed because it was incomplete. Long logs must be uploaded to FreeFileHosting as described here.
 |  |  
		| Top |  |  
		|  |  
		| Jimny Devoted mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 04 Feb 2008 14:12    Subject: |   |  
				| 
 |  
				| Do you have a solution?  |  |  
		| Top |  |  
		|  |  
		| Jimny Devoted mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 04 Feb 2008 15:55    Subject: |   |  
				| 
 |  
				| Guys, have I managed to fix it? I hope I haven't made a mess
 kasp 2.html
 |  |  
		| Top |  |  
		|  |  
		| bdoriano Administrator
 
  
  
 Registered: 02/04/07 12:05
 Posts: 14391
 Location: 3rd planet of the solar system...
 
 | 
			
				|  Posted: 04 Feb 2008 22:08    Subject: |   |  
				| 
 |  
				| The first Kaspersky report showed some viruses in System Restore and in the Avenger backup. In the second report they are no longer there. I assume you disabled System Restore and deleted the Avenger backup file.
 
 If you don't run into any other problems, you can re-enable System Restore.
  |  |  
		| Top |  |  
		|  |  
		| Jimny Devoted mortal
 
  
 
 Registered: 02/02/08 03:37
 Posts: 12
 
 
 | 
			
				|  Posted: 05 Feb 2008 00:57    Subject: |   |  
				| 
 |  
				| OK, thanks!!!!! I realised I had started Avenger without disabling System Restore. Luckily I didn't mess anything up, thanks again  |  |  
		| Top |  |  
		|  |  