Olimpo Informatico

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

ciao a tutti. Ho seguito la prima parte della guida ma il problema non è ancora risolto.
Vi posto qui i vari logs:
log di hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 18.04.39, on 09/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\VEXPLITE\MONLITE.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\svchost.exe
C:\Programmi\TRUST\Bluetooth Software\BTTray.exe
C:\Programmi\StopDialers\StopDialer.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\DOCUME~1\ADMINI~1\IMPOST~1\Temp\Rar$EX00.770\gmer.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Class - {1A06B321-9911-88C0-89F1-281F7413084A} - C:\WINDOWS\hyqtt1.dll (file missing)
O2 - BHO: Class - {5C7E26C2-BE3E-425E-31C5-143161E782D7} - C:\WINDOWS\hyqtt1.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB49E12-5953-4147-B9F2-92EE7B60C8B1}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
O23 - Service: UpdZqs - Unknown owner - C:\Programmi\File comuni\Microsoft Shared\XVy.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Alternate data streams:
C:\WINDOWS\Prefetch\SYSTEM32 : VYITW.EXE-2E280696.pf (19844 bytes)

Silentrunners:
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SweetIM" = "C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" ["MacroGaming LTD."]
"MessengerPlus3" = ""C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"msnmsgr" = "~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"snpstd" = "C:\WINDOWS\vsnpstd.exe" [empty string]
"DataLayer" = "C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [empty string]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k" [MS]
"BDMCon" = ""C:\Programmi\Softwin\BitDefender8\bdmcon.exe"" ["SOFTWIN S.R.L."]
"BDNewsAgent" = ""C:\Programmi\Softwin\BitDefender8\bdnagent.exe"" [null data]
"VIRIT LITE MONITOR" = "C:\VEXPLITE\MONLITE.EXE" ["TG Soft S.a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{1A06B321-9911-88C0-89F1-281F7413084A}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Class"
\InProcServer32\(Default) = "C:\WINDOWS\hyqtt1.dll" [file not found]
{5C7E26C2-BE3E-425E-31C5-143161E782D7}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Class"
\InProcServer32\(Default) = "C:\WINDOWS\hyqtt1.dll" [file not found]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
-> {HKLM...CLSID} = "Estensione panoramica video del Pannello di controllo"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "Risorse di rete Bluetooth"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Programmi\Nokia\Nokia PC Suite 6\NokiaPhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Cartelle condivise"
\InProcServer32\(Default) = "C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline.bmp"

Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica
"C6 Messenger" -> shortcut to: "C:\Programmi\C6 Messenger\c6Messenger.exe" ["Icona SpA"]
"Stop Dialers" -> shortcut to: "C:\Programmi\StopDialers\StopDialer.exe" [null data]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"BTTray" -> shortcut to: "C:\Programmi\TRUST\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
"Stop Dialers" -> shortcut to: "C:\Programmi\StopDialers\StopDialer.exe" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programmi\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programmi\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{E10CA33E-A153-8E29-1F0D-76747590D591}\(Default) = (no title provided)
-> {HKLM...CLSID} = "JavaScript console"
\InProcServer32\(Default) = "C:\WINDOWS\hyqtt1.dll" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmi\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Programmi\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BitDefender Communicator, XCOMM, ""C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Scan Server, bdss, ""C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
Bluetooth Service, btwdins, "C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Machine Debug Manager, MDM, ""C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Servizio Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Programmi\MSN Messenger\usnsvc.dll" [MS]}
Virit eXplorer Lite, viritsvclite, "C:\VEXPLITE\viritsvc.exe" ["TG Soft Sas www.tgsoft.it"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Porta stampante Bluetooth\Driver = "bthcrp.dll" ["WIDCOMM, Inc."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 163 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 71 seconds.
---------- (total run time: 371 seconds)

Rootkit di Gmer:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-10 01:13:23
Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.10 ----

Device \Driver\BTHUSB \Device\00000065 IRP_MJ_CREATE [F5F8EBB0] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_CLOSEIRP_MJ_READ [F5FBA990] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_INTERNAL_DEVICE_CONTROL [F5F8CF00] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_SHUTDOWN [F5F8DA70] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_CREATE_MAILSLOT [F5F8E920] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_SYSTEM_CONTROL [F5FBBEE0] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_DEVICE_CHANGE [F5FBC7B0] bthport.sys
Device \Driver\BTHUSB \Device\00000065 IRP_MJ_PNP_POWER [F5FBB3B0] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_CREATE [F5F8EBB0] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_CLOSEIRP_MJ_READ [F5FBA990] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_INTERNAL_DEVICE_CONTROL [F5F8CF00] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_SHUTDOWN [F5F8DA70] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_CREATE_MAILSLOT [F5F8E920] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_SYSTEM_CONTROL [F5FBBEE0] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_DEVICE_CHANGE [F5FBC7B0] bthport.sys
Device \Driver\BTHUSB \Device\00000067 IRP_MJ_PNP_POWER [F5FBB3B0] bthport.sys
---- Processes - GMER 1.0.10 ----

Library C:\WINDOWS\hyqtt1.dll (*** hidden *** ) @ C:\WINDOWS\Explorer.EXE [1156] 0x031E0000 <-- ROOTKIT !!!
Library C:\WINDOWS\hyqtt1.dll (*** hidden *** ) @ C:\Programmi\Internet Explorer\iexplore.exe [3456] 0x01F10000 <-- ROOTKIT !!!

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\hyqtt1.dll
File C:\WINDOWS\system32\com4.igp

---- EOF - GMER 1.0.10 ----

Autostart di gmer:
&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica >>>
C6 Messenger.lnk = C6 Messenger.lnk
Stop Dialers.lnk = Stop Dialers.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
BTTray.lnk = BTTray.lnk
Stop Dialers.lnk = Stop Dialers.lnk

---- EOF - GMER 1.0.10 ----

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

ah dimenticavo di dire che non ho nessuna cartella di nome linkoptimizer e in c: programmi non ho nessun file eseguibile. In doucments and settings il nome dell'utente fittizio è dkc.
grazie a chi mi potrà aiutare!!

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

ciao, scusa l´attesa. Il tuo caso è leggermente diverso da quello degli altri che ho visto (che fortuna eh? Wink

)

Scarica per favore rootkitrevelear e posta un log. Mi raccomando prima di avviare il tool:
- disattiva ogni scansione realtime degli antispware/antivirus
- disconnettiti da Internet
- chiudi il firewall
- disattiva lo screensaver
- non usare il PC finchè ha finito

Spero che tu non abbia riavviato il computer da quando hai postato i log, altrimenti potrebbe essere necessario rifarli Sad

Ciao

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

ecco il log:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs 17/06/2006 10.29 66 bytes Windows API length not consistent with raw hive data.
C:\WINDOWS\hyqtt1.del 10/07/2006 14.56 63.16 KB Hidden from Windows API.
C:\WINDOWS\hyqtt1.dll 10/07/2006 14.56 63.16 KB Hidden from Windows API.
C:\WINDOWS\system32\com4.igp 10/07/2006 16.39 115.04 KB Hidden from Windows API.

purtroppo ho riavviato, ma se è necessario posso rifarli tranquillamente!
grazie!

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

sì, grazie. Falli nuovamente altrimenti rischiamo di non risolvere. Vedi la data di creazione delle dll nascoste? E\' di oggi Rolling Eyes

Dopo che li hai postati, finchè io o qualcun altro non ti dice cosa fare, non riavviare a meno che tu non sia proprio costretta.

Credo che ti sei infettata il 17/06/2006. Cosa hai fatto quel giorno? Wink

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

Log di Hijackthis:
Logfile of HijackThis v1.99.1
Scan saved at 17.10.52, on 10/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\Programmi\TRUST\Bluetooth Software\BTTray.exe
C:\WINDOWS\system32\svchost.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\MSN Messenger\msnmsgr.exe
C:\Programmi\Adobe\Acrobat 6.0\Reader\AcroRd32.exe
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB49E12-5953-4147-B9F2-92EE7B60C8B1}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Alternate data streams:
C:\WINDOWS\Prefetch\SYSTEM32 : VYITW.EXE-2E280696.pf (19844 bytes)

Silentrunners:
"Silent Runners.vbs", revision 46, http://www.silentrunners.org/
Operating System: Windows XP SP2
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"SweetIM" = "C:\Programmi\Macrogaming\SweetIM\SweetIM.exe" ["MacroGaming LTD."]
"MessengerPlus3" = ""C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart" ["Patchou"]
"msnmsgr" = "~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background" [file not found]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"BluetoothAuthenticationAgent" = "rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent" [MS]
"snpstd" = "C:\WINDOWS\vsnpstd.exe" [empty string]
"DataLayer" = "C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE" ["Nokia Mobile Phones Ltd."]
"PCSuiteTrayApplication" = "C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE" [empty string]
"avast!" = "C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [null data]
"BDMCon" = ""C:\Programmi\Softwin\BitDefender8\bdmcon.exe"" ["SOFTWIN S.R.L."]
"BDNewsAgent" = ""C:\Programmi\Softwin\BitDefender8\bdnagent.exe"" [null data]
"VIRIT LITE MONITOR" = "C:\VEXPLITE\MONLITE.EXE" ["TG Soft S.a.s."]

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "AcroIEHlprObj Class"
\InProcServer32\(Default) = "C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "Estensione panoramica video del Pannello di controllo"
-> {HKLM...CLSID} = "Estensione panoramica video del Pannello di controllo"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Estensione di icona di HyperTerminal"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Estensione dell'icona del file di Outlook"
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programmi\Microsoft Office\Office10\msohev.dll" [MS]
"{640167b4-59b0-47a6-b335-a6b3c0695aea}" = "Portable Media Devices"
-> {HKLM...CLSID} = "Portable Media Devices"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{B327765E-D724-4347-8B16-78AE18552FC3}" = "NeroDigitalIconHandler"
-> {HKLM...CLSID} = "NeroDigitalIconHandler Class"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{7F1CF152-04F8-453A-B34C-E609530A9DC8}" = "NeroDigitalPropSheetHandler"
-> {HKLM...CLSID} = "NeroDigitalPropSheetHandler Class"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]
"{B41DB860-8EE4-11D2-9906-E49FADC173CA}" = "WinRAR shell extension"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]
"{6af09ec9-b429-11d4-a1fb-0090960218cb}" = "My Bluetooth Places"
-> {HKLM...CLSID} = "Risorse di rete Bluetooth"
\InProcServer32\(Default) = "C:\WINDOWS\system32\btneighborhood.dll" ["WIDCOMM, Inc."]
"{40950107-FEA6-4d53-A65F-B2DCBA57DD58}" = "Nokia Phone Browser"
-> {HKLM...CLSID} = "Nokia Phone Browser"
\InProcServer32\(Default) = "C:\Programmi\Nokia\Nokia PC Suite 6\NokiaPhoneBrowser.dll" ["Nokia"]
"{FBFE7864-D495-41f0-B7DC-4BB601CC295E}" = "Contact View"
-> {HKLM...CLSID} = "Contact View"
\InProcServer32\(Default) = "C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll" ["Nokia"]
"{472083B0-C522-11CF-8763-00608CC02F24}" = "avast"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
"{D653647D-D607-4DF6-A5B8-48D2BA195F7B}" = "BitDefender Antivirus v8"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
"{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D}" = "Messenger Sharing Folders"
-> {HKLM...CLSID} = "Cartelle condivise"
\InProcServer32\(Default) = "C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll" [MS]

HKLM\Software\Classes\Folder\shellex\ColumnHandlers\
{7D4D6379-F301-4311-BEBA-E26EB0561882}\(Default) = "NeroDigitalExt.NeroDigitalColumnHandler"
-> {HKLM...CLSID} = "NeroDigitalColumnHandler Class"
\InProcServer32\(Default) = "C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll" ["Nero AG"]

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = "{472083B0-C522-11CF-8763-00608CC02F24}"
-> {HKLM...CLSID} = "avast"
\InProcServer32\(Default) = "C:\Programmi\Alwil Software\Avast4\ashShell.dll" ["ALWIL Software"]
BitDefender Antivirus v8\(Default) = "{D653647D-D607-4DF6-A5B8-48D2BA195F7B}"
-> {HKLM...CLSID} = "BitDefender Antivirus v8"
\InProcServer32\(Default) = "C:\Programmi\Softwin\BitDefender8\bdshelxt.dll" ["SOFTWIN S.R.L."]
WinRAR\(Default) = "{B41DB860-8EE4-11D2-9906-E49FADC173CA}"
-> {HKLM...CLSID} = "WinRAR"
\InProcServer32\(Default) = "C:\Programmi\WinRAR\rarext.dll" [null data]

Active Desktop and Wallpaper:
-----------------------------

Active Desktop is disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\WINDOWS\web\wallpaper\Colline.bmp"

Startup items in "Administrator" & "All Users" startup folders:
---------------------------------------------------------------

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica
"C6 Messenger" -> shortcut to: "C:\Programmi\C6 Messenger\c6Messenger.exe" ["Icona SpA"]
"Stop Dialers" -> shortcut to: "C:\Programmi\StopDialers\StopDialer.exe" [null data]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica
"BTTray" -> shortcut to: "C:\Programmi\TRUST\Bluetooth Software\BTTray.exe" ["WIDCOMM, Inc."]
"Stop Dialers" -> shortcut to: "C:\Programmi\StopDialers\StopDialer.exe" [null data]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000004\LibraryPath = "%SystemRoot%\system32\wshbth.dll" [MS]

Transport Service Providers

HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 20
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}"
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programmi\google\googletoolbar1.dll" ["Google Inc."]

HKLM\Software\Microsoft\Internet Explorer\Toolbar\
"{EF99BD32-C1FB-11D2-892F-0090271D4F88}" = (no title provided)
-> {HKLM...CLSID} = "Yahoo! Toolbar"
\InProcServer32\(Default) = "C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll" ["Yahoo! Inc."]
"{2318C2B1-4965-11D4-9B18-009027A5CD4F}" = (no title provided)
-> {HKLM...CLSID} = "&Google"
\InProcServer32\(Default) = "c:\programmi\google\googletoolbar1.dll" ["Google Inc."]

Explorer Bars

HKCU\Software\Microsoft\Internet Explorer\Explorer Bars\
{E10CA33E-A153-8E29-1F0D-76747590D591}\(Default) = (no title provided)
-> {HKLM...CLSID} = "JavaScript console"
\InProcServer32\(Default) = "C:\WINDOWS\hyqtt1.dll" [file not found]

Extensions (Tools menu items, main toolbar menu buttons)

HKLM\Software\Microsoft\Internet Explorer\Extensions\
{CCA281CA-C863-46EF-9331-5C8D4460577F}\
"ButtonText" = "@btrez.dll,-4015"
"MenuText" = "@btrez.dll,-4017"
"Script" = "C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm" [null data]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programmi\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

avast! Antivirus, avast! Antivirus, ""C:\Programmi\Alwil Software\Avast4\ashServ.exe"" [null data]
avast! iAVS4 Control Service, aswUpdSv, ""C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"" [null data]
avast! Mail Scanner, avast! Mail Scanner, ""C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service" ["ALWIL Software"]
avast! Web Scanner, avast! Web Scanner, ""C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service" ["ALWIL Software"]
BitDefender Communicator, XCOMM, ""C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service" ["Softwin"]
BitDefender Scan Server, bdss, ""C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service" [null data]
Bluetooth Service, btwdins, "C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe" ["WIDCOMM, Inc."]
Bluetooth Support Service, BthServ, "C:\WINDOWS\system32\svchost.exe -k bthsvcs" {"C:\WINDOWS\System32\bthserv.dll" [MS]}
Machine Debug Manager, MDM, ""C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"" [MS]
Servizio Messenger Sharing USN Journal Reader, usnsvc, "C:\WINDOWS\system32\svchost.exe -k usnsvc" {"C:\Programmi\MSN Messenger\usnsvc.dll" [MS]}
Virit eXplorer Lite, viritsvclite, "C:\VEXPLITE\viritsvc.exe" ["TG Soft Sas www.tgsoft.it"]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\System\CurrentControlSet\Control\Print\Monitors\
Porta stampante Bluetooth\Driver = "bthcrp.dll" ["WIDCOMM, Inc."]

----------
+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ The search for DESKTOP.INI DLL launch points on all local fixed drives
took 31 seconds.
+ The search for all Registry CLSIDs containing dormant Explorer Bars
took 30 seconds.
---------- (total run time: 151 seconds)

Rootkit di gmer:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-10 17:34:14
Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.10 ----

Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CREATE [F602EBB0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CLOSEIRP_MJ_READ [F605A990] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_INTERNAL_DEVICE_CONTROL [F602CF00] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_SHUTDOWN [F602DA70] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CREATE_MAILSLOT [F602E920] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_SYSTEM_CONTROL [F605BEE0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_DEVICE_CHANGE [F605C7B0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_PNP_POWER [F605B3B0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_CREATE [F602EBB0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_CLOSEIRP_MJ_READ [F605A990] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_INTERNAL_DEVICE_CONTROL [F602CF00] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_SHUTDOWN [F602DA70] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_CREATE_MAILSLOT [F602E920] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_SYSTEM_CONTROL [F605BEE0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_DEVICE_CHANGE [F605C7B0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_PNP_POWER [F605B3B0] bthport.sys

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File C:\WINDOWS\hyqtt1.del
File C:\WINDOWS\hyqtt1.dll
File C:\WINDOWS\system32\com4.igp
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{2D8247C5-F923-4080-A2A5-C06D5543D82F}
File D:\System Volume Information\_restore{51B0E9B2-DDA4-44B2-A47F-A5BA2FFC7FB1}

---- EOF - GMER 1.0.10 ----

Autostar di gmer:
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-10 17:35:32
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\ >>>
Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,
Windows@AppInit_DLLs = \\?\C:\WINDOWS\system32\com4.igp

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
bdss /*BitDefender Scan Server*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service
btwdins /*Bluetooth Service*/@ = C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
XCOMM /*BitDefender Communicator*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@snpstdC:\WINDOWS\vsnpstd.exe = C:\WINDOWS\vsnpstd.exe
@DataLayerC:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE = C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE = C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@BDMCon"C:\Programmi\Softwin\BitDefender8\bdmcon.exe" = "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
@BDNewsAgent"C:\Programmi\Softwin\BitDefender8\bdnagent.exe" = "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
@MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
@msnmsgr~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background /*file not found*/ = ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /*Nokia Phone Browser*/C:\Programmi\Nokia\Nokia PC Suite 6\NokiaPhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\NokiaPhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/C:\Programmi\Softwin\BitDefender8\bdshelxt.dll = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica >>>
C6 Messenger.lnk = C6 Messenger.lnk
Stop Dialers.lnk = Stop Dialers.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
BTTray.lnk = BTTray.lnk
Stop Dialers.lnk = Stop Dialers.lnk

---- EOF - GMER 1.0.10 ----

Quel giorno mi sa che c'era mia madre al pc che cercava sfondi per la mia tesina e se lo sarà preso in qualche sito...
Comunque ok non riavvio il computer finchè non mi dici tu.

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

OK, adesso è più chiaro, lo abbiamo in pugno Wink

Scarica The Avenger sul Desktop.
- Estrai l´eseguibile sul desktop.
- copia il contenuto di questa finestra negli appunto (CTRL+C)

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

mi da un errore di sintassi su questo carattere - e non procede...

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

dopo aver cliccato sul semaforo mi esce l'errore. I caratteri che forse non accetta sono questi "---" senza apici.
Credo si riferisca a questa parte dello script {E10CA33E-A153-8E29-1F0D-76747590D591} (i trattini in mezzo)

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

strano... vabbè, fa niente, tanto il file lo cancelliamo e la chiave non risulterà attiva. Poi andiamo a cercarla nel registro.

Fai lo script senza questa parte:

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

allora ho inviato i primi due files ma com4.igp non riesco a zipparlo e non l'ho ancora mandato.Nel frattempo ho fatto il resto e questi sono i logs:

Logfile of HijackThis v1.99.1
Scan saved at 1.36.43, on 11/07/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vsnpstd.exe
C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Softwin\BitDefender8\bdmcon.exe
C:\Programmi\Softwin\BitDefender8\bdnagent.exe
C:\VEXPLITE\MONLITE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
C:\PROGRA~1\FILECO~1\PCSuite\Services\SERVIC~1.EXE
C:\Programmi\TRUST\Bluetooth Software\BTTray.exe
C:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [VIRIT LITE MONITOR] C:\VEXPLITE\MONLITE.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SweetIM] C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: C6 Messenger.lnk = C:\Programmi\C6 Messenger\c6Messenger.exe
O4 - Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Stop Dialers.lnk = C:\Programmi\StopDialers\StopDialer.exe
O8 - Extra context menu item: &Cerca con Google - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Traduci parola in italiano - res://C:\Programmi\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Invia a &Bluetooth - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Link a ritroso - res://C:\Programmi\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pagine simili - res://C:\Programmi\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Versione cache della pagina - res://C:\Programmi\Google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmi\TRUST\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BB49E12-5953-4147-B9F2-92EE7B60C8B1}: NameServer = 193.70.192.25 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - C:\VEXPLITE\viritsvc.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Autostart:
GMER 1.0.10.10122 - http://www.gmer.net
Autostart 2006-07-11 01:40:28
Windows 5.1.2600 Service Pack 2

HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
aswUpdSv /*avast! iAVS4 Control Service*/@ = "C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe"
avast! Antivirus /*avast! Antivirus*/@ = "C:\Programmi\Alwil Software\Avast4\ashServ.exe"
bdss /*BitDefender Scan Server*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service
btwdins /*Bluetooth Service*/@ = C:\Programmi\TRUST\Bluetooth Software\bin\btwdins.exe
MDM /*Machine Debug Manager*/@ = "C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe"
Spooler /*Spooler di stampa*/@ = %SystemRoot%\system32\spoolsv.exe
UMWdf /*Windows User Mode Driver Framework*/@ = C:\WINDOWS\system32\wdfmgr.exe
viritsvclite /*Virit eXplorer Lite*/@ = C:\VEXPLITE\viritsvc.exe
XCOMM /*BitDefender Communicator*/@ = "C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@BluetoothAuthenticationAgentrundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
@snpstdC:\WINDOWS\vsnpstd.exe = C:\WINDOWS\vsnpstd.exe
@DataLayerC:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE = C:\PROGRA~1\FILECO~1\PCSuite\DATALA~1\DATALA~1.EXE
@PCSuiteTrayApplicationC:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE = C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@BDMCon"C:\Programmi\Softwin\BitDefender8\bdmcon.exe" = "C:\Programmi\Softwin\BitDefender8\bdmcon.exe"
@BDNewsAgent"C:\Programmi\Softwin\BitDefender8\bdnagent.exe" = "C:\Programmi\Softwin\BitDefender8\bdnagent.exe"
@VIRIT LITE MONITORC:\VEXPLITE\MONLITE.EXE = C:\VEXPLITE\MONLITE.EXE

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@SweetIMC:\Programmi\Macrogaming\SweetIM\SweetIM.exe = C:\Programmi\Macrogaming\SweetIM\SweetIM.exe
@MessengerPlus3"C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart = "C:\Programmi\MessengerPlus! 3\MsgPlus.exe" /WinStart
@msnmsgr~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background /*file not found*/ = ~"C:\Programmi\MSN Messenger\msnmsgr.exe" /background /*file not found*/

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Estensione panoramica video del Pannello di controllo*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Pagina proprietà versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Versioni precedenti*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Cartelle Web*/C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\FILECO~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL = C:\Programmi\Microsoft Office\Office10\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Programmi\Microsoft Office\Office10\msohev.dll = C:\Programmi\Microsoft Office\Office10\msohev.dll
@{B327765E-D724-4347-8B16-78AE18552FC3} /*NeroDigitalIconHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{7F1CF152-04F8-453A-B34C-E609530A9DC8} /*NeroDigitalPropSheetHandler*/C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll = C:\Programmi\File comuni\Ahead\Lib\NeroDigitalExt.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Programmi\WinRAR\rarext.dll = C:\Programmi\WinRAR\rarext.dll
@(null) =
@{6af09ec9-b429-11d4-a1fb-0090960218cb} /*My Bluetooth Places*/C:\WINDOWS\system32\btneighborhood.dll = C:\WINDOWS\system32\btneighborhood.dll
@{40950107-FEA6-4d53-A65F-B2DCBA57DD58} /*Nokia Phone Browser*/C:\Programmi\Nokia\Nokia PC Suite 6\NokiaPhoneBrowser.dll = C:\Programmi\Nokia\Nokia PC Suite 6\NokiaPhoneBrowser.dll
@{FBFE7864-D495-41f0-B7DC-4BB601CC295E} /*Contact View*/C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll = C:\Programmi\Nokia\Nokia PC Suite 6\ContactView.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Programmi\Alwil Software\Avast4\ashShell.dll = C:\Programmi\Alwil Software\Avast4\ashShell.dll
@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} /*BitDefender Antivirus v8*/C:\Programmi\Softwin\BitDefender8\bdshelxt.dll = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll = C:\Programmi\MSN Messenger\fsshext.8.0.0792.00.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Programmi\Alwil Software\Avast4\ashShell.dll
BitDefender Antivirus v8@{D653647D-D607-4DF6-A5B8-48D2BA195F7B} = C:\Programmi\Softwin\BitDefender8\bdshelxt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Programmi\WinRAR\rarext.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} = C:\Programmi\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\sstext3d.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
cdo@CLSID = C:\Programmi\File comuni\Microsoft Shared\Web Folders\PKMCDO.DLL
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
ms-itss@CLSID = C:\Programmi\File comuni\Microsoft Shared\Information Retrieval\MSITSS.DLL
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\FILECO~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = %SystemRoot%\system32\wshbth.dll

C:\Documents and Settings\Administrator\Menu Avvio\Programmi\Esecuzione automatica >>>
C6 Messenger.lnk = C6 Messenger.lnk
Stop Dialers.lnk = Stop Dialers.lnk

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica >>>
BTTray.lnk = BTTray.lnk
Stop Dialers.lnk = Stop Dialers.lnk

---- EOF - GMER 1.0.10 ----

Rootkit:
GMER 1.0.10.10122 - http://www.gmer.net
Rootkit 2006-07-11 01:53:55
Windows 5.1.2600 Service Pack 2

---- Devices - GMER 1.0.10 ----

Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CREATE [F602EBB0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CLOSEIRP_MJ_READ [F605A990] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_INTERNAL_DEVICE_CONTROL [F602CF00] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_SHUTDOWN [F602DA70] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_CREATE_MAILSLOT [F602E920] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_SYSTEM_CONTROL [F605BEE0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_DEVICE_CHANGE [F605C7B0] bthport.sys
Device \Driver\BTHUSB \Device\00000066 IRP_MJ_PNP_POWER [F605B3B0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_CREATE [F602EBB0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_CLOSEIRP_MJ_READ [F605A990] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_INTERNAL_DEVICE_CONTROL [F602CF00] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_SHUTDOWN [F602DA70] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_CREATE_MAILSLOT [F602E920] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_SYSTEM_CONTROL [F605BEE0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_DEVICE_CHANGE [F605C7B0] bthport.sys
Device \Driver\BTHUSB \Device\00000068 IRP_MJ_PNP_POWER [F605B3B0] bthport.sys

---- Files - GMER 1.0.10 ----

File C:\System Volume Information\MountPointManagerRemoteDatabase
File C:\System Volume Information\tracking.log
File D:\System Volume Information\MountPointManagerRemoteDatabase
File D:\System Volume Information\tracking.log
File D:\System Volume Information\_restore{2D8247C5-F923-4080-A2A5-C06D5543D82F}
File D:\System Volume Information\_restore{51B0E9B2-DDA4-44B2-A47F-A5BA2FFC7FB1}

---- EOF - GMER 1.0.10 ----

Grazie ancora!

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

bene, andiamo bene Very Happy

Grazie per l´invio dei file infetti: è confermato che si tratta di linkoptimizer
http://www.suspectfile.com/forum/viewtopic.php?t=152

Quei due file che hai inviato, puoi cancellarli. Per quanto riguarda il file com4.igp è un pochino più complicato, perchè probabilmente hai un file system NTFS.

Quel nome (come quelli del tipo prn#, lpt#) sono nomi riservati in windows e non si dovrebbero poter creare. Se ci provi infatti non riesci Smile

Per copiare/cancellare/rinominare uno di quei file in caso di NTFS occorre usare una particolare sintassi dei comand dos che bypassa il controllo di protezione sui nomi.

Prova così. Premi start >> Esegui e digita CMD (invio). Nella finestra di DOS che si apre digita ora esattamente:

REN \\.\c:\avenger\com4.igp back_com4.igp

fai attenzione agli spazi e alla sintassi. Se non ti viene prova a copiare/incollare quanto sopra in un nuovo file che crei con il blocco note e poi salvi con estensione bat (es forum.bat). Poi avvialo (clicca 2 volte)

Se il comando funziona adesso dovresti trovare il file back_com4.igp in C:\avenger che riuscirai a zippare e a mandare a www.suspectfile.com

Dopo, eliminalo Smile

PS: Riesci mica a ricordarti quali siti ha visitato tua madre quel giorno?

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

Il file è diventato back_com4.igp però non riesco ancora a zipparlo...

Dink the Boss · Eroe in grazia degli dei Registrato: 03/07/06 10:33 Messaggi: 136

ma sto maledetto link optimizer vedo che ha colpito 1pò tutti...io per fortuna sono riuscito a toglierlo...segui i consigli di questo forum e vedi ke lo riesci a togliere ^^

quello ke posso consigliarti, è fare le scansioni con gli antivirus online...che ti trovano 1 bel pò di roba...

e usare ANTIVIR che a me ha trovato tanti file infetti ke altri antivirus non rilevavano Wink

ps: da dove si prende sto virus link optimizer? Question

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

mmm strano. Cliccaci sopra con il tasto destro e scegli proprietà dal menu.

Cerca il tab autorizzazioni e prova ad impostare al tuo utente il controllo completo su quel file.

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

se clicco su proprietà c'è solo il tab generale...Comunque purtroppo non si ricorda precisamente in quale sito è andata perchè ne ha girati molti quel giorno

holifay · Dio maturo Registrato: 08/03/05 10:48 Messaggi: 2912 Residenza: Milano

che errore ti dà quando cerchi di zipparlo? Hai provato a riavviare?

montellina87 · Mortale pio Registrato: 09/07/06 17:42 Messaggi: 18

si ho riavviato.
mi da questo messaggio di errore:
! C:\Avenger\Nuovo Archivio WinRAR ZIP.zip: Impossibile aprire back_com4.igp
Accesso negato.