Olimpo Informatico

[yamashita]

ciao.stavo cercando di ridurre i programmi all'avvio di windows e ho notato questo dw_start in impostazioni locati \temp\IXPOOO.TMP\DWoli5.exeDWoli5.
sapete di cosa si tratta?lo posso disattivare?e' pericoloso??ho fatto una ricerca su google ma trovo solo qualche risposta in inglese che non riesco bene a capire.grazie mille per i consigli.

[bdoriano]

Si tratta semplicemente di un virus.
Se lo vuoi tenere, lascialo lì tranquillo.

[yamashita]

davvero???? aspetto indicazioni.grazie

[bdoriano]

• Disabilita il ripristino di sistema.
  
• Pulisci i files temporanei con ATF-Cleaner e/o CCleaner
  
• Scarica Norman Malware Cleaner.
  
• Avvia il pc in modalità provvisoria.
  
• Avvia Norman Malware Cleaner e fagli fare la scansione completa.
  Viene generato un log sul desktop chiamandolo NFix_2008-04-gg_hh-mm-ss.log, alla fine della scansione caricalo su FreeFileHosting come indicato qui e posta il link che ti viene assegnato.
  
• Segui le istruzioni di questo topic per postare il log di combofix.

[yamashita]

grazie mille per la risposta,ho un problema quando entro in modalita' provvisoria mi chiede se voglio entrare come amministratore o con il mio nome,cosa scelgo?.e un'altra cosa sono entrato prima in modalita' provvisoria e non riuscivo a vedere norman malware cleaner sul desktop,ma l'avevo salvato poco prima.megli salvarlo in una cartella?tante grazie

[yamashita]

NFix_2008-04-06_21-24-59.log

[yamashita]

ComboFix 08-04-06.1 - Franco_ 2008-04-06 23.02.57.1 - NTFSx86
Eseguito da: C:\Documents and Settings\Franco_\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-03-06 al 2008-04-06 )))))))))))))))))))))))))))))))))))
.

2008-04-06 16:48 . 2008-04-06 17:00 <DIR> d-------- C:\Documents and Settings\Franco_\.housecall6.6
2008-04-05 13:33 . 2008-04-05 13:56 <DIR> d-------- C:\Programmi\Last.fm
2008-04-04 20:10 . 2008-04-04 20:14 <DIR> d-------- C:\Programmi\RegScrubXP
2008-04-04 19:59 . 2008-04-04 19:59 250 --a------ C:\WINDOWS\gmer.ini
2008-04-04 19:55 . 2008-04-05 03:34 <DIR> d-------- C:\Programmi\a-squared Free
2008-04-04 19:48 . 2008-04-04 19:48 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-04-04 19:48 . 2008-04-04 19:48 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\SUPERAntiSpyware.com
2008-04-04 19:48 . 2008-04-04 19:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-04-04 19:16 . 2008-04-04 19:24 <DIR> d-a------ C:\Documents and Settings\All Users\Dati applicazioni\TEMP
2008-04-03 00:36 . 1993-07-22 23:00 210,944 --------- C:\WINDOWS\system32\Msvcrt10.dll
2008-04-03 00:36 . 2001-03-15 04:55 101,200 --------- C:\WINDOWS\system32\pdfshell.dll
2008-04-03 00:36 . 2001-03-15 05:18 65,536 --------- C:\WINDOWS\system32\adistres.dll
2008-04-03 00:36 . 2001-03-15 05:18 20,584 --------- C:\WINDOWS\system32\PdfPorts.dll
2008-04-03 00:35 . 2008-04-03 00:35 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-04-03 00:34 . 2008-04-03 00:34 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\InterTrust
2008-04-03 00:34 . 1998-10-29 14:45 306,688 --a------ C:\WINDOWS\IsUninst.exe
2008-04-02 22:07 . 2008-04-02 22:07 <DIR> d-------- C:\Programmi\BitTorrent
2008-04-02 22:07 . 2008-04-04 20:30 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\DNA
2008-04-02 21:01 . 2008-04-02 21:01 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\pdf995
2008-04-02 21:01 . 2008-04-02 21:01 28 --a------ C:\WINDOWS\pdf995.ini
2008-04-02 20:50 . 2008-04-02 20:50 <DIR> d-------- C:\Programmi\PDFCreator PL
2008-04-02 20:50 . 2008-04-02 20:50 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\PDFCreator
2008-04-02 20:50 . 2000-05-22 17:58 647,872 --a------ C:\WINDOWS\system32\MSCOMCT2.OCX
2008-04-02 20:50 . 2005-04-20 20:08 196,608 --a------ C:\WINDOWS\system32\PDFSpooler.exe
2008-04-02 20:50 . 1998-07-06 17:55 158,208 --a------ C:\WINDOWS\system32\MSCMCDE.DLL
2008-04-02 20:50 . 1998-07-06 17:56 125,712 --a------ C:\WINDOWS\system32\VB6DE.DLL
2008-04-02 20:50 . 2001-10-28 17:42 116,224 --a------ C:\WINDOWS\system32\pdfcmnnt.dll
2008-04-02 20:50 . 1998-07-06 17:55 64,512 --a------ C:\WINDOWS\system32\MSCC2DE.DLL
2008-04-02 20:50 . 1998-07-06 17:55 33,792 --a------ C:\WINDOWS\system32\CMDLGDE.DLL
2008-04-02 20:50 . 1998-07-06 01:00 23,552 --a------ C:\WINDOWS\system32\MSMPIDE.DLL
2008-04-02 19:46 . 2008-04-02 21:08 <DIR> d-------- C:\Programmi\pdf995
2008-04-02 19:46 . 2008-04-02 21:03 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\pdf995
2008-04-02 19:46 . 2008-04-02 20:48 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-02 19:46 . 2008-04-02 20:48 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-02 19:46 . 2008-04-02 21:03 59 --a------ C:\WINDOWS\wpd99.drv
2008-04-02 18:41 . 1998-11-13 13:07 307,712 --a------ C:\WINDOWS\IsUn0410.exe
2008-04-02 16:01 . 2008-04-02 16:01 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\Grisoft
2008-04-02 16:00 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-04-02 14:32 . 2008-04-02 14:32 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7
2008-04-02 14:32 . 2008-04-06 14:17 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\AVG7
2008-04-02 14:31 . 2008-04-02 16:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-04-02 14:31 . 2008-04-03 03:50 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-03-31 22:51 . 2008-03-31 23:12 <DIR> d-------- C:\Programmi\Finale 2007
2008-03-27 23:14 . 2008-03-27 23:15 <DIR> d-------- C:\Programmi\MagicDisc
2008-03-27 23:14 . 2008-02-18 18:29 96,256 --a------ C:\WINDOWS\system32\drivers\mcdbus.sys
2008-03-27 22:55 . 2008-04-03 13:53 <DIR> d-------- C:\Programmi\free-downloads.net
2008-03-27 22:55 . 2008-04-03 13:53 <DIR> d-------- C:\Programmi\Conduit
2008-03-27 22:33 . 2008-03-27 22:33 <DIR> d-------- C:\Programmi\Alcohol Soft
2008-03-27 22:27 . 2008-03-27 22:48 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-03-27 12:30 . 2008-04-01 22:09 220 --a------ C:\WINDOWS\ChssBase.ini
2008-03-27 12:20 . 2008-03-27 12:20 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\ChessBase
2008-03-25 15:45 . 2008-03-31 23:02 34,232 --a------ C:\WINDOWS\system32\GDIPFONTCACHEV1.DAT
2008-03-25 15:10 . 2008-03-29 16:32 <DIR> d-------- C:\Programmi\chessbase
2008-03-24 04:39 . 2008-03-24 04:39 <DIR> d-------- C:\Programmi\CCleaner
2008-03-23 16:52 . 2008-03-25 16:11 <DIR> d-------- C:\Documents and Settings\Franco_\Dati applicazioni\Propellerhead Software
2008-03-23 16:52 . 2008-03-23 16:52 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Propellerhead Software
2008-03-23 16:52 . 2008-03-23 16:52 233,472 --a------ C:\WINDOWS\system32\REX Shared Library.dll
2008-03-23 16:52 . 2008-03-23 16:52 225,280 --a------ C:\WINDOWS\system32\ReWire.dll
2008-03-23 16:48 . 2008-03-23 16:48 <DIR> d-------- C:\Programmi\Propellerhead
2008-03-23 16:29 . 2004-08-19 16:39 116,224 --a--c--- C:\WINDOWS\system32\dllcache\xrxwiadr.dll
2008-03-23 16:29 . 2001-08-31 00:08 99,865 --a--c--- C:\WINDOWS\system32\dllcache\xlog.exe
2008-03-23 16:29 . 2001-08-31 00:08 27,648 --a--c--- C:\WINDOWS\system32\dllcache\xrxftplt.exe
2008-03-23 16:29 . 2001-08-31 00:08 23,040 --a--c--- C:\WINDOWS\system32\dllcache\xrxwbtmp.dll
2008-03-23 16:29 . 2001-08-31 00:08 17,408 --a--c--- C:\WINDOWS\system32\dllcache\xrxscnui.dll
2008-03-23 16:29 . 2001-08-31 00:08 4,608 --a--c--- C:\WINDOWS\system32\dllcache\xrxflnch.exe
2008-03-23 16:28 . 2004-08-03 23:31 154,624 --a--c--- C:\WINDOWS\system32\dllcache\wlluc48.sys
2008-03-23 16:28 . 2001-08-30 21:46 35,402 --a--c--- C:\WINDOWS\system32\dllcache\wlandrv2.sys
2008-03-23 16:28 . 2004-08-03 23:29 19,455 --a--c--- C:\WINDOWS\system32\dllcache\wvchntxx.sys
2008-03-23 16:28 . 2001-08-17 21:11 16,970 --a--c--- C:\WINDOWS\system32\dllcache\xem336n5.sys
2008-03-23 16:28 . 2004-08-03 23:29 12,063 --a--c--- C:\WINDOWS\system32\dllcache\wsiintxx.sys
2008-03-23 16:28 . 2004-08-04 00:07 8,832 --a--c--- C:\WINDOWS\system32\dllcache\wmiacpi.sys
2008-03-23 16:28 . 2004-08-19 16:39 8,192 --a--c--- C:\WINDOWS\system32\dllcache\wshirda.dll
2008-03-23 16:26 . 2001-08-17 22:28 794,654 --a--c--- C:\WINDOWS\system32\dllcache\usr1801.sys
2008-03-23 16:25 . 2001-08-31 00:08 525,568 --a--c--- C:\WINDOWS\system32\dllcache\tridxp.dll
2008-03-23 16:24 . 2001-08-17 23:01 241,664 --a--c--- C:\WINDOWS\system32\dllcache\tosdvd02.sys
2008-03-23 16:23 . 2001-08-30 20:49 286,816 --a--c--- C:\WINDOWS\system32\dllcache\stlnata.sys
2008-03-23 16:22 . 2004-08-03 23:41 404,990 --a--c--- C:\WINDOWS\system32\dllcache\slntamr.sys
2008-03-23 16:21 . 2001-08-31 00:07 495,616 --a--c--- C:\WINDOWS\system32\dllcache\sblfx.dll
2008-03-23 16:20 . 2001-08-30 23:10 899,754 --a--c--- C:\WINDOWS\system32\dllcache\r2mdkxga.sys
2008-03-23 16:19 . 2004-08-19 16:39 363,520 --a--c--- C:\WINDOWS\system32\dllcache\psisdecd.dll
2008-03-23 16:18 . 2004-08-19 16:39 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-03-23 16:17 . 2004-08-19 16:39 1,737,856 --a--c--- C:\WINDOWS\system32\dllcache\mtxparhd.dll
2008-03-23 16:16 . 2004-08-19 16:39 56,832 --a--c--- C:\WINDOWS\system32\dllcache\msdvbnp.ax
2008-03-23 16:16 . 2004-08-04 00:10 51,328 --a--c--- C:\WINDOWS\system32\dllcache\msdv.sys
2008-03-23 16:16 . 2004-08-04 00:10 49,024 --a--c--- C:\WINDOWS\system32\dllcache\mstape.sys
2008-03-23 16:16 . 2001-08-17 23:02 35,200 --a--c--- C:\WINDOWS\system32\dllcache\msgame.sys
2008-03-23 16:16 . 2004-08-04 00:00 22,016 --a--c--- C:\WINDOWS\system32\dllcache\msircomm.sys
2008-03-23 16:16 . 2001-08-17 22:48 12,416 --a--c--- C:\WINDOWS\system32\dllcache\msriffwv.sys
2008-03-23 16:16 . 2001-08-17 22:48 6,016 --a--c--- C:\WINDOWS\system32\dllcache\msfsio.sys
2008-03-23 16:16 . 2001-08-17 23:00 2,944 --a--c--- C:\WINDOWS\system32\dllcache\msmpu401.sys
2008-03-23 16:14 . 2001-08-30 21:11 728,394 --a--c--- C:\WINDOWS\system32\dllcache\ltck000c.sys
2008-03-23 16:13 . 2004-08-19 16:39 153,600 --a--c--- C:\WINDOWS\system32\dllcache\irftp.exe
2008-03-23 16:12 . 2001-08-31 00:07 90,200 --a--c--- C:\WINDOWS\system32\dllcache\io8ports.dll
2008-03-23 16:12 . 2001-08-17 21:12 45,632 --a--c--- C:\WINDOWS\system32\dllcache\ip5515.sys
2008-03-23 16:12 . 2001-08-17 22:50 38,784 --a--c--- C:\WINDOWS\system32\dllcache\io8.sys
2008-03-23 16:12 . 2001-08-17 22:52 16,000 --a--c--- C:\WINDOWS\system32\dllcache\ini910u.sys
2008-03-23 16:12 . 2001-08-30 20:43 13,568 --a--c--- C:\WINDOWS\system32\dllcache\inport.sys
2008-03-23 16:12 . 2004-08-19 16:28 5,504 --a--c--- C:\WINDOWS\system32\dllcache\intelide.sys
2008-03-23 16:09 . 2001-08-17 22:28 542,879 --a--c--- C:\WINDOWS\system32\dllcache\hsf_msft.sys
2008-03-23 16:09 . 2001-08-17 22:28 488,383 --a--c--- C:\WINDOWS\system32\dllcache\hsf_v124.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 18:11 --------- d-----w C:\Documents and Settings\Franco_\Dati applicazioni\BitTorrent
2008-04-02 20:07 --------- d-----w C:\Programmi\DNA
2008-04-02 11:32 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg8
2008-03-29 14:31 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-03-25 13:10 --------- d-----w C:\Programmi\Common Files
2008-03-20 14:33 --------- d-----w C:\Programmi\Motive
2008-03-19 13:31 --------- d-----w C:\Programmi\File comuni\InstallShield
2008-03-19 11:50 --------- d-----w C:\Programmi\AVG
2008-03-19 11:48 --------- d-----w C:\Programmi\Sophos
2008-03-19 11:43 --------- d-----w C:\Programmi\Hewlett-Packard
2008-03-19 11:41 --------- d-----w C:\Programmi\HP
2008-03-19 11:02 155,995 ----a-w C:\WINDOWS\java\Packages\BBTJJ57V.ZIP
2008-03-19 11:01 --------- d-----w C:\Programmi\Telecom Italia
2008-03-19 10:53 --------- d-----w C:\Programmi\microsoft frontpage
2008-03-19 10:50 --------- d-----w C:\Programmi\Servizi in linea
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 15:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 19:55 49152]
"M-Audio Taskbar Icon"="C:\WINDOWS\System32\M-AudioTaskBarIcon.exe" [2005-10-18 11:00 91136]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 05:25 144784]
"tsnp2std"="C:\WINDOWS\tsnp2std.exe" [2006-05-22 11:37 262144]
"snp2std"="C:\WINDOWS\vsnp2std.exe" [2006-05-15 16:52 675840]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-02 14:32 579072]
"!AVG Anti-Spyware"="C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-03-19 15:14 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 15:39 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2008-04-02 14:32 219136]

C:\Documents and Settings\Franco_\Menu Avvio\Programmi\Esecuzione automatica\
Last.fm Helper.lnk - C:\Programmi\Last.fm\LastFMHelper.exe [2008-04-05 13:33:54 106496]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 12:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Programmi\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 12:41 294912 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSVideo8"= VfWWDM32.dll
"vidc.yv12"= yv12vfw.dll
"msacm.ac3acm"= ac3acm.acm
"VIDC.wmv3"= wmv9vcm.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Acrobat Assistant.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Acrobat Assistant.lnk
backup=C:\WINDOWS\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Franco_^Menu Avvio^Programmi^Esecuzione automatica^DW_Start.lnk]
path=C:\Documents and Settings\Franco_\Menu Avvio\Programmi\Esecuzione automatica\DW_Start.lnk
backup=C:\WINDOWS\pss\DW_Start.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Franco_^Menu Avvio^Programmi^Esecuzione automatica^MagicDisc.lnk]
path=C:\Documents and Settings\Franco_\Menu Avvio\Programmi\Esecuzione automatica\MagicDisc.lnk
backup=C:\WINDOWS\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 22:16 39792 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
--a------ 2008-04-02 22:08 288576 C:\Programmi\DNA\btdna.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a------ 2003-12-22 09:38 241664 C:\Programmi\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a------ 2004-03-04 17:46 172032 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 18:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2008-03-19 15:14 185896 C:\Programmi\File comuni\Real\Update_OB\realsched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\DNA\\btdna.exe"=
"C:\\Programmi\\BitTorrent\\bittorrent.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgamsvr.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgcc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=

R2 TransitInstallerService;M-Audio Transit Installer;C:\Programmi\M-Audio\Transit\Install\TUSBInst.exe [2005-06-22 21:51]
R3 ati2mtaa;ati2mtaa;C:\WINDOWS\system32\DRIVERS\ati2mtaa.sys [2004-08-19 17:23]
R3 ma763006;M-Audio Transit USB;C:\WINDOWS\system32\drivers\MA763006.sys [2005-10-18 17:41]
R3 SNP2STD;USB2.0 PC Camera (SNP2STD);C:\WINDOWS\system32\DRIVERS\snp2sxp.sys [2006-06-07 04:34]
S3 MADFU006;MADFU006;C:\WINDOWS\system32\DRIVERS\MADFU006.sys [2005-10-20 15:21]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\136.tmp []
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys []

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 23:06:59
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\C:\WINDOWS\system32\136.tmp"
.
Ora fine scansione: 2008-04-06 23.09.11
ComboFix-quarantined-files.txt 2008-04-06 21:08:58
6 Directory 14,917,697,536 byte disponibili
8 Directory 14,907,621,376 byte disponibili
.
2008-04-03 17:52:52 --- E O F ---

[yamashita]

aspetto notizie.tante grazie

[bdoriano]

Norman ha ripulito il registro.
Combofix sembra non aver trovato nulla.

• Disabilita il tuo antivirus
  
• Collegati a BitDefender (con IE) e fai la scansione completa.
  
• Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
  Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

[yamashita]

kaspersky log.txt

kaspersky report1.html

l'ho messo in tutti e due i formati.
bitdefender non ha trovato nulla.
kaspersky un po di roba "skipped"

grazie.

[yamashita]

c'è da dire che nel menu dei programmi in avvio dw_start figura ancora,solo che è disattivato (infatti l'avevo disattivato io).è normale che stia ancora li??

[yamashita]

Aspetto notizie.grazie