paolop3 Hero
Joined: 16/06/07 21:07 Posts: 45
Posted: 26 Jan 2008 19:19 Subject: loading of explorer pages

Hi, sorry again if I have bothered you a lot lately, but I really need the PC..
Anyway... I have removed the cd (or at least it is under control)
but there is still something slowing down the explorer tabs. One works after waiting a while, but if I open many folders they struggle to load.
I have changed a lot of software..
Logfile of HijackThis v1.99.1
Scan saved at 18.16.10, on 26/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiSpywareBot\AntiSpywareBotSrv.srv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\AntiSpywareBot\AntiSpywareBot.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\eMule\emule.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
Z:\xxxScaricati dalla rete\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IE7Pro\IE7Pro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://paolop3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C50957-C235-4EB4-B77D-160BBEABB199}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AntiSpywareBot Scanning Engine (AntiSpywareBotSrv) - Unknown owner - C:\Programmi\AntiSpywareBot\AntiSpywareBotSrv.srv.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

Sante62 Mature God
Joined: 27/06/07 17:55 Posts: 3477 Location: Floridia
Posted: 27 Jan 2008 10:18 Subject:

Hi paolop3
The slowdown can have various causes. In any case, the HjT log looks clean. Run a scan with Systemscan and post the generated log as
indicated here

paolop3 Hero
Joined: 16/06/07 21:07 Posts: 45
Posted: 27 Jan 2008 14:20 Subject: There's quite a mess..

The cid regenerates and I block it, then antispywarebot no longer works and I replaced it with antispywareterminator because I can no longer download it from the site.
"le impostazioni correnti non consentono il download del file"
Whereas before I could, with the same things.
This is the file...
http://www.freefilehosting.net/download/3b4cc

paolop3 Hero
Joined: 16/06/07 21:07 Posts: 45
Posted: 27 Jan 2008 15:00 Subject: this one is cleaner

http://www.freefilehosting.net/download/3b4dg
but can it be downloaded from the antispywarebot site?
http://www.antispywarebot.com
even with lower protection settings I can't manage it, and it isn't due to pctoolsfirewall
Thanks

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 27 Jan 2008 15:03 Subject:

Download avenger and unpack it into its own folder, not a temporary one and not on the desktop
Also download ATF-Cleaner.
Run ATF-Cleaner (it is used to delete temporary files)
Tick Select All
(if you want to keep the files in the recycle bin, untick Recycle bin)
Click on Empty selected
Open notepad, and copy/paste this code
Quote:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"dash ford"=-
then save the file with the name fix.reg in C:\ (IMPORTANT!)
Run AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
c:\FCM7F.tmp
c:\FCM7E.tmp
c:\FCM80.tmp
c:\FCM82.tmp
c:\FCM81.tmp
c:\FCM79.tmp
c:\FCM78.tmp
c:\FCM7A.tmp
c:\FCM7C.tmp
c:\FCM7B.tmp
c:\FCM87.tmp
c:\FCM88.tmp
c:\FCM86.tmp
c:\FCM84.tmp
c:\FCM85.tmp
c:\FCM8D.tmp
c:\FCM8E.tmp
c:\FCM8C.tmp
c:\FCM8A.tmp
c:\FCM8B.tmp
c:\FCM27C.tmp
c:\FCM27D.tmp
c:\FCM27B.tmp
c:\FCM279.tmp
c:\FCM27A.tmp
c:\FCM280.tmp
c:\FCM27F.tmp
c:\FCM281.tmp
c:\FCM287.tmp
c:\FCM288.tmp
c:\FCM289.tmp
c:\FCM286.tmp
c:\FCM282.tmp
c:\FCM283.tmp
c:\FCM285.tmp
c:\FCM28E.tmp
c:\FCM28F.tmp
c:\FCM28D.tmp
c:\FCM28B.tmp
c:\FCM28C.tmp
c:\FCM294.tmp
c:\FCM295.tmp
c:\FCM293.tmp
c:\FCM291.tmp
c:\FCM292.tmp
c:\FCM299.tmp
c:\FCM29A.tmp
c:\FCM298.tmp
c:\FCM296.tmp
c:\FCM297.tmp
c:\FCM2A0.tmp
c:\FCM2A1.tmp
c:\FCM29F.tmp
c:\FCM29D.tmp
c:\FCM29E.tmp
c:\FCM2A5.tmp
c:\FCM2A6.tmp
c:\FCM2A4.tmp
c:\FCM2A2.tmp
c:\FCM2A3.tmp
c:\FCM2AC.tmp
c:\FCM2AD.tmp
c:\FCM2AB.tmp
c:\FCM2A9.tmp
c:\FCM2AA.tmp
c:\FCM2AF.tmp
c:\FCM2AE.tmp
c:\FCM2B0.tmp
c:\FCM2B2.tmp
c:\FCM2B1.tmp
c:\FCM2B8.tmp
c:\FCM2B9.tmp
c:\FCM2B7.tmp
c:\FCM2B5.tmp
c:\FCM2B6.tmp
c:\FCM2BE.tmp
c:\FCM2BD.tmp
c:\FCM2BF.tmp
c:\FCM2C1.tmp
c:\FCM2C0.tmp
c:\FCM2C5.tmp
c:\FCM2C6.tmp
c:\FCM2C4.tmp
c:\FCM2C2.tmp
c:\FCM2C3.tmp
c:\FCM1A9.tmp
c:\FCM1A8.tmp
c:\FCM1AB.tmp
c:\FCM1AC.tmp
c:\FCM1AA.tmp
c:\FCM1B0.tmp
c:\FCM1B1.tmp
c:\FCM1AF.tmp
c:\FCM1B2.tmp
c:\FCM1AE.tmp
c:\FCM1B8.tmp
c:\FCM1B5.tmp
c:\FCM1B4.tmp
c:\FCM1B7.tmp
c:\FCM1B6.tmp
c:\FCM1BB.tmp
c:\FCM1BA.tmp
c:\FCM1BC.tmp
c:\FCM1BE.tmp
c:\FCM1BD.tmp
c:\FCM1C3.tmp
c:\FCM1C4.tmp
c:\FCM1C2.tmp
c:\FCM1C0.tmp
c:\FCM1C1.tmp
c:\FCM1C8.tmp
c:\FCM1C9.tmp
c:\FCM1CA.tmp
c:\FCM1C6.tmp
c:\FCM1C7.tmp
c:\FCM1CE.tmp
c:\FCM1CF.tmp
c:\FCM1CC.tmp
c:\FCM1CD.tmp
c:\FCM1D0.tmp
c:\FCM1D5.tmp
c:\FCM1D6.tmp
c:\FCM1D4.tmp
c:\FCM1D2.tmp
c:\FCM1D3.tmp
c:\FCM1DB.tmp
c:\FCM1DC.tmp
c:\FCM1DA.tmp
c:\FCM1D8.tmp
c:\FCM1D9.tmp
c:\FCM1DF.tmp
c:\FCM1DE.tmp
c:\FCM1E2.tmp
c:\FCM1E1.tmp
c:\FCM1E0.tmp
c:\FCM1E7.tmp
c:\FCM1E8.tmp
c:\FCM1E6.tmp
c:\FCM1E4.tmp
c:\FCM1E5.tmp
c:\FCM1EC.tmp
c:\FCM1ED.tmp
c:\FCM1EB.tmp
c:\FCM1EE.tmp
c:\FCM1EA.tmp
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Winamp\winampa.exe
C:\DOCUME~1\ILPADR~1\DATIAP~1\BASEGR~1\Part dvd software.exe
c:\WINDOWS\Tasks\A6A93256918AA7DA.job
files to move:
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe | C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe | C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe | C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Winamp\bak\winampa.exe | C:\Programmi\Winamp\winampa.exe
Folders to delete:
c:\basegreyfunk
C:\Documents and Settings\il padrino\Dati applicazioni\basegreyfunk
registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM\software\microsoft\shared tools\msconfig\startupreg\dash ford
Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here along with an updated hijackthis log.
Download DelDomains and save it to the desktop (right-click on the link > save target)
then right-click on the file and choose Install.
Connect to the Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
edit: I had forgotten a step.

paolop3 Hero
Joined: 16/06/07 21:07 Posts: 45
Posted: 27 Jan 2008 15:49 Subject: error

when I click on the traffic light
selected file does not appear to be a valid script
error code 0

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 27 Jan 2008 17:40 Subject:

Let's shorten the script...
Download avenger and unpack it into its own folder, not a temporary one and not on the desktop
Also download ATF-Cleaner.
Run ATF-Cleaner (it is used to delete temporary files)
Tick Select All
(if you want to keep the files in the recycle bin, untick Recycle bin)
Click on Empty selected
Open notepad, and copy/paste this code
Quote:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"dash ford"=-
then save the file with the name fix.reg in C:\ (IMPORTANT!)
Run AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
files to delete:
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Winamp\winampa.exe
C:\DOCUME~1\ILPADR~1\DATIAP~1\BASEGR~1\Part dvd software.exe
c:\WINDOWS\Tasks\A6A93256918AA7DA.job
files to move:
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe | C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe | C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe | C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe | C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe | C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe
C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe | C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe | C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Winamp\bak\winampa.exe | C:\Programmi\Winamp\winampa.exe
Folders to delete:
c:\basegreyfunk
C:\Documents and Settings\il padrino\Dati applicazioni\basegreyfunk
registry keys to delete:
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
HKLM\software\microsoft\shared tools\msconfig\startupreg\dash ford
Programs to launch on reboot:
c:\fix.reg
Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here along with an updated hijackthis log.
Download DelDomains and save it to the desktop (right-click on the link > save target)
then right-click on the file and choose Install.
Connect to the Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

paolop3 Hero
Joined: 16/06/07 21:07 Posts: 45
Posted: 27 Jan 2008 21:21 Subject: everything seems ok

ok, explorer is smooth
Logfile of HijackThis v1.99.1
Scan saved at 17.09.17, on 27/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
Z:\xxxScaricati dalla rete\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IE7Pro\IE7Pro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://paolop3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C50957-C235-4EB4-B77D-160BBEABB199}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
kaspersky says there are viruses:
http://www.freefilehosting.net/download/3b4lf
I wouldn't want it to come back, so I'd like some advice on what to change or remove because I really have too much:
avast antivirus, AVG Anti-Spyware, Spyware Terminator, Registry Mechanic, AntiSpywareBot, Spybot - Search & Destroy, Registry Mechanic, CCleaner and pctoolsfirewall
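
Comparing two HijackThis scans entry by entry shows which autostart items and services appeared or disappeared between them. The following is an added example, not part of any post in this thread and not HijackThis code; the function names are assumptions, and the two samples are abridged excerpts of the 26/01 and 27/01 logs posted above.

```python
import re
from collections import defaultdict

# HijackThis result lines start with a section code such as R0, O4 or O23,
# followed by " - " and the entry itself.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2}) - (?P<body>.+?)\s*$")


def parse_entries(log_text):
    """Return {section code: set of entry bodies}.

    Header lines and the "Running processes" list do not match and are skipped.
    """
    entries = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            # Windows paths and registry names are case-insensitive,
            # so entries are compared casefolded.
            entries[m.group("code")].add(m.group("body").casefold())
    return entries


def diff_logs(before, after):
    """Return (added, removed) as lists of (code, body), sorted by code then body."""
    b, a = parse_entries(before), parse_entries(after)
    added, removed = [], []
    for code in sorted(set(b) | set(a)):
        added += [(code, e) for e in sorted(a[code] - b[code])]
        removed += [(code, e) for e in sorted(b[code] - a[code])]
    return added, removed


# Abridged excerpt of the 26/01/2008 log from this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Scan saved at 18.16.10, on 26/01/2008
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: AntiSpywareBot Scanning Engine (AntiSpywareBotSrv) - Unknown owner - C:\Programmi\AntiSpywareBot\AntiSpywareBotSrv.srv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
"""

# Abridged excerpt of the 27/01/2008 log from this thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
Scan saved at 17.09.17, on 27/01/2008
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~2\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~2\sp_rsser.exe
"""

if __name__ == "__main__":
    added, removed = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print(f"- {code} {body}")
    for code, body in added:
        print(f"+ {code} {body}")
```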

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 29 Jan 2008 10:54 Subject:

You should also post the avenger log (c:\avenger.txt, if I remember correctly). Otherwise, we can't know whether it did its whole job.
I see you still have some junk installed (AntiSpywareBot - fake antispyware, real scam).
Disable System Restore
download Hoster
Run Hoster
click on "Restore Microsoft's Original Hosts File"
click on "Make Host Read Only"
and close it
Run AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Documents and Settings\il padrino\Impostazioni locali\Temp\sta17A.exe
C:\Programmi\AntiSpywareBot\AntiSpywareBot.exe
C:\Programmi\Circle Developement\Uninstall.exe
C:\WINDOWS\system32\drivers\etc\hosts.backup
X:\B\AntispywareBot ver.1.5 + licenza funzionante (leggero e funzionanate) by xxx85.rar
Z:\xxxScaricati dalla rete\settembre\VA21_DAPDD.exe
Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here along with an updated hijackthis log.

paolop3 Hero
Joined: 16/06/07 21:07 Posts: 45
Posted: 29 Jan 2008 19:23 Subject: ah yes, here's the old avenger

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\oujgkamb
*******************
Script file located at: \??\C:\Program Files\mypcytmt.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe deleted successfully.
File C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe deleted successfully.
File C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe deleted successfully.
File C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe deleted successfully.
File C:\Programmi\File comuni\Real\Update_OB\realsched.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\HP\HP Software Update\HPWuSchd2.exe deleted successfully.
File C:\Programmi\Winamp\winampa.exe deleted successfully.
File C:\DOCUME~1\ILPADR~1\DATIAP~1\BASEGR~1\Part dvd software.exe deleted successfully.
File c:\WINDOWS\Tasks\A6A93256918AA7DA.job deleted successfully.
File move operation C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\bak\apdproxy.exe|C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe completed successfully.
File move operation C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe|C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe completed successfully.
File move operation C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe|C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NeroCheck.exe|C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe completed successfully.
File move operation C:\Programmi\File comuni\Ahead\Lib\bak\NMBgMonitor.exe|C:\Programmi\File comuni\Ahead\Lib\NMBgMonitor.exe completed successfully.
File move operation C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe|C:\Programmi\File comuni\Real\Update_OB\realsched.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe completed successfully.
File move operation C:\Programmi\Winamp\bak\winampa.exe|C:\Programmi\Winamp\winampa.exe completed successfully.
Folder c:\basegreyfunk deleted successfully.
Folder C:\Documents and Settings\il padrino\Dati applicazioni\basegreyfunk deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] failed!
Status: 0xc0000034
Registry key HKLM\software\microsoft\shared tools\msconfig\startupreg\dash ford deleted successfully.
Program c:\fix.reg successfully set up to run once on reboot.
Completed script processing.
*******************
Finished! Terminate.
now I'll do the rest
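
Triage of an Avenger log like the one in the post above, as an added example (not part of any post and not Swandog46's code): it counts the successful operations, decodes the NTSTATUS value attached to each failure, and flags a failed target that ends in a stray `]`, as the registry key in this log does. The function names and the hint heuristic are assumptions of this example; the sample is abridged from the log in this thread.

```python
import re

# NTSTATUS values as defined in Microsoft's ntstatus.h (subset).
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC000003B: "STATUS_OBJECT_PATH_SYNTAX_BAD",
}

# Success lines, using the wordings that appear in the log posted in this thread.
OK_RE = re.compile(
    r"^(File|Folder|Registry key|Program) (.+?) "
    r"(deleted successfully|completed successfully|"
    r"successfully set up to run once on reboot)\.$"
)
# Failure line; the thread only shows it for a registry key.
FAIL_RE = re.compile(r"^Deletion of (?P<what>.+) failed!$")
STATUS_RE = re.compile(r"Status: (0x[0-9a-fA-F]{8})")


def hint_for(failure):
    """Heuristic (an assumption of this example): a 'name not found' on a target
    that ends in ']' without any '[' suggests a copy/paste leftover in the script."""
    what = failure["what"]
    if failure["status"] == 0xC0000034 and what.endswith("]") and "[" not in what:
        return "target ends with a stray ']'; compare with the script line"
    return ""


def triage(log_text):
    """Return (ok_lines, failures); each failure has what/status/status_name/hint."""
    ok, failures = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        fail = FAIL_RE.match(line)
        status = STATUS_RE.search(line)
        if OK_RE.match(line):
            ok.append(line)
        elif fail:
            failures.append({"what": fail.group("what"), "status": None})
        elif status:
            code = int(status.group(1), 16)
            prefix = line[:status.start()].strip()
            if prefix or not failures or failures[-1]["status"] is not None:
                # Status printed on the same line as the error message.
                failures.append({"what": prefix or "(unknown operation)", "status": code})
            else:
                # Bare "Status:" line that belongs to the preceding failure.
                failures[-1]["status"] = code
    for f in failures:
        f["status_name"] = NTSTATUS.get(f["status"], "unknown")
        f["hint"] = hint_for(f)
    return ok, failures


# Abridged from the Avenger log posted above.
SAMPLE_LOG = r"""
Logfile of The Avenger version 1, by Swandog46
Beginning to process script file:
File C:\Programmi\Winamp\winampa.exe deleted successfully.
File move operation C:\Programmi\Winamp\bak\winampa.exe|C:\Programmi\Winamp\winampa.exe completed successfully.
Folder c:\basegreyfunk deleted successfully.
Registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] not found!
Deletion of registry key HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] failed!
Status: 0xc0000034
Registry key HKLM\software\microsoft\shared tools\msconfig\startupreg\dash ford deleted successfully.
Program c:\fix.reg successfully set up to run once on reboot.
Completed script processing.
"""

if __name__ == "__main__":
    ok, failures = triage(SAMPLE_LOG)
    print(f"{len(ok)} operations succeeded, {len(failures)} failed")
    for f in failures:
        print(f"FAILED {f['what']}: {f['status_name']} {f['hint']}")
```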

paolop3 Hero
Joined: 16/06/07 21:07 Posts: 45
Posted: 29 Jan 2008 19:30 Subject: and now it says this

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\hmdxvco^
*******************
Script file located at: cqjjiddx
Could not open script file! Error
Could not open script file! Status: 0xc000003b Abort!
------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 18.29.21, on 29/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
Z:\xxxScaricati dalla rete\HijackThis.exe
C:\Programmi\Alwil Software\Avast4\setup\avast.setup
C:\WINDOWS\system32\HPZipm12.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IE7Pro\IE7Pro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://paolop3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C50957-C235-4EB4-B77D-160BBEABB199}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 02 Feb 2008 23:50 Subject:

I see that, this time, Avenger did not manage to do its job.
Are you still having problems?

paolop3 Hero

Registered: 16/06/07 21:07 Posts: 45
Posted: 03 Feb 2008 13:09 Subject: then I tried again, I don't think I did any damage

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ciwcvayd
*******************
Script file located at: \??\C:\Program Files\utovnpbk.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\Documents and Settings\il padrino\Impostazioni locali\Temp\sta17A.exe not found!
Deletion of file C:\Documents and Settings\il padrino\Impostazioni locali\Temp\sta17A.exe failed!
Could not process line:
C:\Documents and Settings\il padrino\Impostazioni locali\Temp\sta17A.exe
Status: 0xc0000034
Could not open file C:\Programmi\AntiSpywareBot\AntiSpywareBot.exe for deletion
Deletion of file C:\Programmi\AntiSpywareBot\AntiSpywareBot.exe failed!
Could not process line:
C:\Programmi\AntiSpywareBot\AntiSpywareBot.exe
Status: 0xc000003a
File C:\Programmi\Circle Developement\Uninstall.exe deleted successfully.
File C:\WINDOWS\system32\drivers\etc\hosts.backup deleted successfully.
File X:\B\AntispywareBot ver.1.5 + licenza funzionante (leggero e funzionanate) by xxx85.rar deleted successfully.
File Z:\xxxScaricati dalla rete\settembre\VA21_DAPDD.exe deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Sometimes it resets when I have too many things open (eMule, internet, games, etc.); otherwise everything is OK.

bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 03 Feb 2008 13:14 Subject:

Antispywarebot is still active.
Run this scan with RogueRemoverFree.
Disable your antivirus.
Go to BitDefender (with IE) and run the full scan.
Go to the Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.

paolop3 Hero

Registered: 16/06/07 21:07 Posts: 45
Posted: 03 Feb 2008 13:20 Subject: antispywarebot already removed

It doesn't find Antispywarebot because I already removed it with Spybot Search and Destroy.
I'll do all the rest later.

paolop3 Hero

Registered: 16/06/07 21:07 Posts: 45
Posted: 03 Feb 2008 15:06 Subject: kaspersky

http://www.freefilehosting.net/download/3bck9
Ah! One strange thing now is this: when I shut down the PC it tells me it might take a long time. Nothing like that had ever appeared before...

bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...

paolop3 Hero

Registered: 16/06/07 21:07 Posts: 45
Posted: 03 Feb 2008 16:03 Subject: done...

Logfile of HijackThis v1.99.1
Scan saved at 14.58.10, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
X:\B\gmer.exe
Z:\xxxScaricati dalla rete\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IE7Pro\IE7Pro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://paolop3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C50957-C235-4EB4-B77D-160BBEABB199}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
ComboFix 08-02.03.1 - il padrino 2008-02-03 14.42.06.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.513 [GMT 1:00]
Eseguito da: C:\Documents and Settings\il padrino\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\Documents and Settings\il padrino\Dati applicazioni\AntiSpywareBot
C:\Documents and Settings\il padrino\Dati applicazioni\inst.exe
C:\WINDOWS\system32\Cache
----- BITS: Possible infected sites -----
hxxp://www.download.windowsupdate.com
.
((((((((((((((((((((((((( Files Creati Da 2008-01-03 al 2008-02-03 )))))))))))))))))))))))))))))))))))
.
2008-01-28 18:38 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-27 17:17 . 2008-01-27 17:17 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-27 17:17 . 2008-01-27 17:17 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Kaspersky Lab
2008-01-27 14:32 . 2008-01-27 14:32 116 --a--c--- C:\fix.reg
2008-01-27 13:29 . 2007-06-14 12:43 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-27 13:29 . 2007-06-14 12:43 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-27 13:29 . 2007-06-14 12:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Preferiti
2008-01-27 13:29 . 2007-06-14 10:52 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Modelli
2008-01-27 13:29 . 2007-06-14 12:43 <DIR> dr---c--- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-27 13:29 . 2007-06-14 12:43 <DIR> d--h-c--- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-27 13:29 . 2007-06-14 12:43 <DIR> d----c--- C:\Documents and Settings\Administrator\Documenti
2008-01-27 13:29 . 2007-06-14 12:43 <DIR> dr-h-c--- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-27 12:53 . 2008-01-27 13:51 <DIR> d----c--- C:\suspectfile
2008-01-26 22:56 . 2008-01-26 22:56 138,752 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-01-26 21:57 . 2008-02-01 21:25 <DIR> d-------- C:\Programmi\Spyware Terminator
2008-01-26 21:57 . 2008-01-30 18:38 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spyware Terminator
2008-01-26 21:18 . 2008-01-26 21:18 178 --a------ C:\WINDOWS\wininit.ini
2008-01-26 20:09 . 2008-01-26 20:13 250 --a------ C:\WINDOWS\gmer.ini
2008-01-26 17:53 . 2008-01-04 14:13 218,520 --a------ C:\WINDOWS\system32\drivers\pctfw2.sys
2008-01-26 17:47 . 2008-01-26 19:48 <DIR> d-------- C:\Programmi\PC Tools Firewall Plus
2008-01-26 17:47 . 2008-01-26 17:47 <DIR> d-------- C:\Programmi\File comuni\PC Tools
2008-01-26 17:47 . 2008-01-04 14:13 125,848 --a------ C:\WINDOWS\system32\drivers\pctfw.sys
2008-01-26 17:47 . 2008-01-04 14:13 40,856 --a------ C:\WINDOWS\system32\drivers\pctmp.sys
2008-01-26 17:47 . 2008-01-04 14:13 18,328 --a------ C:\WINDOWS\system32\drivers\pctssipc.sys
2008-01-26 17:13 . 2008-01-26 17:20 8,192 --a--c--- C:\s-1-5-21-507921405-1085031214-725345543-500.rrr
2008-01-26 16:55 . 2008-01-26 16:55 262,144 --a------ C:\ntuser.dat
2008-01-26 16:15 . 2008-01-26 16:15 <DIR> d-------- C:\Programmi\CCleaner
2008-01-25 22:18 . 2008-01-25 23:15 <DIR> d-------- C:\Programmi\NetCom
2008-01-25 21:11 . 2008-01-26 12:14 <DIR> d-------- C:\Programmi\SpywareDetector
2008-01-25 21:11 . 2008-01-26 12:06 63 --a------ C:\WINDOWS\system\SysSD.dll
2008-01-25 20:16 . 2008-01-25 20:16 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-20 12:43 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-01-20 12:42 . 2008-01-20 12:42 <DIR> d-------- C:\Programmi\Microsoft SQL Server Compact Edition
2008-01-20 12:23 . 2008-01-20 12:43 <DIR> d--hsc--- C:\Programmi\File comuni\WindowsLiveInstaller
2008-01-20 12:23 . 2008-01-20 12:50 <DIR> d----c--- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\WLInstaller
2008-01-19 11:31 . 2008-01-19 11:31 <DIR> d-------- C:\Programmi\basegreyfunk
2008-01-18 20:04 . 2008-01-19 13:45 <DIR> d----c--- C:\PCOBWIN
2008-01-18 20:04 . 1996-07-01 01:01 18,944 --a------ C:\WINDOWS\system\MFWINLD.FON
2008-01-07 17:49 . 2008-01-07 17:49 <DIR> d----c--- C:\Documents and Settings\il padrino\Incomplete
2008-01-07 17:49 . 2008-01-07 17:59 <DIR> d----c--- C:\Documents and Settings\il padrino\Dati applicazioni\LimeWire
2008-01-07 17:48 . 2005-04-13 03:48 49,265 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-01-03 16:43 . 2008-01-03 16:43 44 --a------ C:\WINDOWS\liveup.ini
2008-01-03 16:42 . 2008-01-03 16:42 565,170 --a------ C:\WINDOWS\system32\large.bnk
2008-01-03 16:42 . 2008-01-03 16:42 278,528 --a------ C:\WINDOWS\system32\livesnth.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 13:37 --------- dc--a-w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\TEMP
2008-02-03 13:06 --------- d-----w C:\Programmi\eMule
2008-02-03 11:12 --------- dc----w C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Spybot - Search & Destroy
2008-02-03 10:57 --------- d-----w C:\Programmi\Circle Developement
2008-01-27 16:02 --------- d-----w C:\Programmi\Winamp
2008-01-27 14:59 --------- d-----w C:\Programmi\EasyDVDConverter
2008-01-27 13:04 --------- d-----w C:\Programmi\MSN Messenger
2008-01-27 13:04 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-01-26 20:18 --------- d-----w C:\Programmi\RegistryFix
2008-01-26 11:09 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-01-20 11:43 --------- d-----w C:\Programmi\Windows Live
2008-01-07 16:48 --------- d-----w C:\Programmi\Java
2007-12-30 00:24 --------- d-----w C:\Programmi\SpeedBit Video Accelerator
2007-12-30 00:21 50,688 ----a-w C:\WINDOWS\system32\wbhelp2.dll
2007-12-27 14:30 --------- d-----w C:\Programmi\Google
2007-12-23 23:33 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-07 09:27 727,552 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-10-17 12:15 47,360 -c--a-w C:\Documents and Settings\il padrino\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 0 2004-02-06 16:29:17 C:\Programmi\321Studios\Platinum\bak\makedir
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp.exe
----a-w 6,731,312 2007-10-23 11:09:50 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\bak\avgas.exe
----a-w 6,731,312 2007-06-11 09:25:42 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2007-03-22 07:49 149040]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-20 16:05 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpeedTouch USB Diagnostics"="C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-11-12 10:02 860672]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-22 14:09 63712]
"WinampAgent"="C:\Programmi\Winamp\winampa.exe" [2007-05-14 23:22 35328]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41 49152]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-15 19:02 153136]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"SpeedBitVideoAccelerator"="C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe" [2007-12-30 01:23 2188912]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe" [2005-04-13 03:48 36975]
"00PCTFW"="C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" [2007-12-31 09:16 2594712]
"SpywareTerminator"="C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe" [2008-01-26 22:01 2834432]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
C:\Documents and Settings\All Users.WINDOWS\Menu Avvio\Programmi\Esecuzione automatica\
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22 288472]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office\OSA9.EXE [1999-02-17 21:05:56 65588]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-01-12 18:36:18 389120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Philips Intelligent Agent]
--a------ 2006-04-21 09:46 420864 C:\Programmi\Philips Intelligent Agent\Philips Intelligent Agent.exe
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-01-04 14:13]
R1 pctmp;PC Tools Firewall Memory Protection Driver;C:\WINDOWS\system32\drivers\pctmp.sys [2008-01-04 14:13]
R1 pctssipc;PC Tools Security Suite IPC Driver;C:\WINDOWS\system32\drivers\pctssipc.sys [2008-01-04 14:13]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-01-26 22:56]
R2 sbbotdi;sbbotdi;C:\PROGRA~1\SPEEDB~1\sbbotdi.sys [2007-12-30 01:23]
R2 VideoAcceleratorService;VideoAcceleratorService;C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe -start []
S3 mbr;mbr;C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys []
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-03 14:43:37
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
Ora fine scansione: 2008-02-03 14.44.49
ComboFix-quarantined-files.txt 2008-02-03 13:44:47
.
2008-01-26 14:21:49 --- E O F ---
gmer
http://www.freefilehosting.net/download/3bcm9 autostart
http://www.freefilehosting.net/download/3bcma rootkit

bdoriano Administrator

Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 03 Feb 2008 16:47 Subject:

HijackThis looks clean.
ComboFix removed some unwanted guests.
Start AVENGER
Click on input script manually
Click on the magnifying glass
Enter these lines:
Quote: | Files to delete:
C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys
Folders to delete:
C:\Programmi\basegreyfunk |
Click on Done
Click on the traffic light
The PC should restart; if it doesn't, restart it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.
Just to be safe, run the Kaspersky scan again.
I almost forgot, did BitDefender find anything?  |
paolop3 Hero

Registered: 16/06/07 21:07 Posts: 45
|
Posted: 03 Feb 2008 18:21 Subject: Bitdefender says a lot of things |
|
|
--------------------------------------------------------------------------------
http://www.freefilehosting.net/download/3bd4f
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\tinhtevx
*******************
Script file located at: \??\C:\Program Files\ecuwicrt.txt
Script file opened successfully.
Script file read successfully
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
File C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys not found!
Deletion of file C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys failed!
Could not process line:
C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys
Status: 0xc0000034
Folder C:\Programmi\basegreyfunk not found!
Deletion of folder C:\Programmi\basegreyfunk failed!
Could not process line:
C:\Programmi\basegreyfunk
Status: 0xc0000034
Completed script processing.
*******************
Finished! Terminate.
Logfile of HijackThis v1.99.1
Scan saved at 17.17.45, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\PC Tools Firewall Plus\FWService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Spyware Terminator\sp_rsser.exe
C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Winamp\winampa.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe
C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
C:\Programmi\File comuni\Ahead\Lib\NMIndexStoreSvr.exe
C:\Programmi\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
Z:\xxxScaricati dalla rete\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: IE7pro - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Programmi\IE7Pro\IE7Pro.dll
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Programmi\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SpeedBitVideoAccelerator] "C:\Programmi\SpeedBit Video Accelerator\VideoAccelerator.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programmi\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [00PCTFW] "C:\Programmi\PC Tools Firewall Plus\FirewallGUI.exe" -s
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Programmi\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
O9 - Extra button: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra 'Tools' menuitem: IE7pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Programmi\IE7Pro\IE7Pro.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://paolop3.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4C50957-C235-4EB4-B77D-160BBEABB199}: NameServer = 85.37.17.6 85.38.28.89
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Ahead\Lib\NMIndexingService.exe
O23 - Service: PC Tools Firewall Plus (PCToolsFirewallPlus) - PC Tools - C:\Programmi\PC Tools Firewall Plus\FWService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Programmi\Spyware Terminator\sp_rsser.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programmi\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe |
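The Avenger log in the post above reports both deletions as failed with `Status: 0xc0000034`. As an added example (not part of the thread and not The Avenger's own code), the Python below parses that log format and names the NTSTATUS code: 0xC0000034 is STATUS_OBJECT_NAME_NOT_FOUND, meaning the target did not exist when the script ran. The function name, the verdict strings and the two-entry code table are assumptions of this example.

```python
import re

# NTSTATUS codes as defined in Windows' ntstatus.h (only two are listed here).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
}

# Script-processing part of the Avenger log posted above, embedded for offline use.
SAMPLE_LOG = r"""Beginning to process script file:
File C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys not found!
Deletion of file C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys failed!
Could not process line:
C:\DOCUME~1\ILPADR~1\IMPOST~1\Temp\mbr.sys
Status: 0xc0000034
Folder C:\Programmi\basegreyfunk not found!
Deletion of folder C:\Programmi\basegreyfunk failed!
Could not process line:
C:\Programmi\basegreyfunk
Status: 0xc0000034
Completed script processing.
"""

FAILED = re.compile(r"^Deletion of (file|folder) (.+) failed!$")
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8})$")

def triage_avenger(log_text):
    """Return one dict per failed script target: kind, path, status, name, verdict."""
    results, pending = [], None
    for line in map(str.strip, log_text.splitlines()):
        failed, status = FAILED.match(line), STATUS.match(line)
        if failed:
            pending = {"kind": failed.group(1), "path": failed.group(2)}
        elif status and pending:
            code = int(status.group(1), 16)
            # Target absent before deletion: nothing was left to remove.
            # Any other code means the object may still be on disk.
            verdict = "already absent" if code == 0xC0000034 else "needs follow-up"
            results.append({**pending, "status": code,
                            "name": NTSTATUS_NAMES.get(code, "unknown"),
                            "verdict": verdict})
            pending = None
    return results

if __name__ == "__main__":
    for r in triage_avenger(SAMPLE_LOG):
        print(f'{r["kind"]:6} {r["path"]}  {r["name"]}  -> {r["verdict"]}')
```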