Olimpo Informatico forum index
The Zeus News Forums
New network connection that installs itself
Forum index -> Virus First Aid
Clubboy (Devoted mortal; registered 15/02/07 11:59; posts: 10)
Posted: 09 Jan 2008 18:57    Subject: New network connection that installs itself

Hi everyone!! After a year here I am again, with a few small problems such as a slow PC, very difficult browsing and a new network connection that installs itself. With my limited computer knowledge I tried to fix a few things, but as soon as I go back online I'm back to square one :-(

I have Windows XP, an Alice connection, and as antivirus I'm using Avast (so far I've been happy with it).
I'm leaving you the log file produced by HijackThis...

Thanks in advance to anyone for any reply or help :-)

Logfile of HijackThis v1.99.1
Scan saved at 17.32.07, on 09/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ZipGenius\zipgenius.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\ZGTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vivimilano.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
Sante62 (Mature god; registered 27/06/07 17:55; posts: 3477; location: Floridia)
Posted: 09 Jan 2008 22:53

Hi Clubboy :)
Start HijackThis and tick this line on the left (nothing dangerous anyway):
Quote:
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE

Click "Fix checked" and answer yes.
Reboot the PC and post a new HJT log.
Have a look at this thread about ComboFix, download it and scan the PC, posting the result as described. Also carry out these steps:
Scan with GMER
Remember that GMER produces two logs: Autostart and Rootkit. And don't post them here, because they are too long. I see you have leftovers of Symantec antivirus, if I'm not mistaken. If you want to remove it completely, use this
Clubboy (Devoted mortal; registered 15/02/07 11:59; posts: 10)
Posted: 10 Jan 2008 13:59    Subject: What chaos...

Hi!! Thanks for the reply :-)
I fixed the entry you mentioned and removed the Norton leftovers...
I used some of the recommended tools, except GMER, which I couldn't download...
But when I browse I still have huge problems :-(
I attach the HJT log file...

Logfile of HijackThis v1.99.1
Scan saved at 0.54.20, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Softwin\BitDefender10\bdmcon.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\ZipGenius\zipgenius.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\ZGTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vivimilano.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [AcctMgr] C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe /startup
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [BackupNotify] c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AROReminder] C:\Programmi\Advanced Registry Optimizer\ARO.exe -rem
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\ccSetMgr.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FILECO~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Programmi\File comuni\Symantec Shared\SNDSrvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
bdoriano (Administrator; registered 02/04/07 12:05; posts: 14391; location: 3rd planet of the solar system...)
Posted: 10 Jan 2008 14:07

Follow the instructions in this topic to post the ComboFix log.
Clubboy (Devoted mortal; registered 15/02/07 11:59; posts: 10)
Posted: 10 Jan 2008 14:08

I also attach the Find AWF log file...

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\WINDOWS\BAK

0 File(s) 0 bytes
2 Dir(s) 57.731.985.408 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\HP\KBD\BAK

02/02/2005 15.44 61.440 KBD.EXE
1 File(s) 61.440 bytes
2 Dir(s) 57.731.985.408 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\ITUNES\BAK

26/09/2007 13.42 267.064 iTunesHelper.exe
1 File(s) 267.064 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\MULTIM~1\BAK

10/12/2004 10.49 139.264 shwicon2k.exe
1 File(s) 139.264 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\QUICKT~1\BAK

29/06/2007 05.24 286.720 qttask.exe
1 File(s) 286.720 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\SYMNET~1\BAK

10/02/2007 13.29 95.960 SNDMon.exe
1 File(s) 95.960 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\WINDOWS\SMINST\BAK

13/09/2002 21.42 212.992 RECGUARD.EXE
1 File(s) 212.992 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\WINDOWS\SYSTEM\BAK

07/05/1998 16.04 52.736 hpsysdrv.exe
1 File(s) 52.736 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\WINDOWS\SYSTEM32\BAK

19/08/2004 23.39 15.360 ctfmon.exe
07/04/2003 07.07 114.688 hkcmd.exe
23/05/2003 02.57 483.328 hphmon05.exe
28/01/2002 11.48 885.760 LXSUPMON.EXE
4 File(s) 1.499.136 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\ALWILS~1\AVAST4\BAK

04/12/2007 14.00 79.224 ashDisp.exe
1 File(s) 79.224 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\ATITEC~1\ATICON~1\BAK

01/11/2003 21.00 335.872 atiptaxx.exe
1 File(s) 335.872 bytes
2 Dir(s) 57.731.981.312 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\GOOGLE\GOOGLE~1\BAK

05/08/2007 13.52 68.856 GoogleToolbarNotifier.exe
1 File(s) 68.856 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\HEWLET~1\{45B61~1\BAK

23/05/2003 03.03 49.152 hphupd05.exe
1 File(s) 49.152 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\HP\HPCORE~1\BAK

12/05/2004 14.18 241.664 hpcmpmgr.exe
1 File(s) 241.664 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\HP\HPSOFT~1\BAK

16/02/2005 22.11 49.152 HPWuSchd2.exe
1 File(s) 49.152 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\MICROS~2\OFFICE12\BAK

27/10/2006 00.47 31.016 GrooveMonitor.exe
1 File(s) 31.016 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\NORTON~1\PASSWO~1\BAK

25/02/2004 12.35 586.856 AcctMgr.exe
1 File(s) 586.856 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\FILECO~1\SONIC\UPDATE~1\BAK

19/08/2003 08.01 110.592 sgtray.exe
1 File(s) 110.592 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\HP\DIGITA~1\BIN\BAK

0 File(s) 0 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\HP\DIGITA~1\UNLOAD\BAK

07/10/2002 07.23 90.112 hpqcmon.exe
1 File(s) 90.112 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\JAVA\JRE16~3.0_0\BIN\BAK

25/09/2007 00.11 132.496 jusched.exe
1 File(s) 132.496 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\PHILIPS\PHILIP~1\BIN\BAK

15/09/2005 03.05 512.000 DeviceManager.exe
1 File(s) 512.000 bytes
2 Dir(s) 57.731.977.216 bytes free
Volume in drive C is GIANLUCA
Volume Serial Number is B4A7-926A

Directory of C:\PROGRA~1\HPPAVI~1\PAVILION\XPHWWBP4\PLUGIN\BIN\BAK

01/01/2003 23.55 155.648 PCHButton.exe
1 File(s) 155.648 bytes
2 Dir(s) 57.731.973.120 bytes free


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 2 Feb 2005 "C:\hp\KBD\bak\KBD.EXE"
14348 3 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
267064 26 Sep 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 28 Sep 2007 "C:\WINDOWS\Installer\{B045B608-4A47-4C77-9EAD-06C394503306}\iTunesIco.exe"
116024 26 Sep 2007 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.4.3.1\iTunesSetupAdmin.exe"
14348 3 Jan 2008 "C:\Programmi\Multimedia Card Reader\shwicon2k.exe"
139264 10 Dec 2004 "C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe"
14348 3 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
286720 29 Jun 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
14348 3 Jan 2008 "C:\Programmi\SymNetDrv\SNDMon.exe"
95960 10 Feb 2007 "C:\Programmi\SymNetDrv\bak\SNDMon.exe"
212992 13 Sep 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
52736 7 May 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
114688 7 Apr 2003 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 7 Apr 2003 "C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\hkcmd.exe"
483328 23 May 2003 "C:\WINDOWS\system32\bak\hphmon05.exe"
14348 3 Jan 2008 "C:\WINDOWS\system32\LXSUPMON.EXE"
885760 28 Jan 2002 "C:\WINDOWS\system32\bak\LXSUPMON.EXE"
885760 28 Jan 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LXSUPMON.EXE"
885760 28 Jan 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\lexmarklexmark_z25_z7de0\LXSUPMON.EXE"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
14348 3 Jan 2008 "C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe"
335872 1 Nov 2003 "C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe"
52272 24 Apr 2007 "C:\Programmi\Google\googletoolbar1user.exe"
14348 3 Jan 2008 "C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
138168 24 Apr 2007 "C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe"
68856 5 Aug 2007 "C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe"
49152 23 May 2003 "C:\Programmi\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\bak\hphupd05.exe"
241664 12 May 2004 "C:\Programmi\HP\hpcoretech\bak\hpcmpmgr.exe"
14348 3 Jan 2008 "C:\Programmi\HP\HP Software Update\HPWuSchd2.exe"
49152 16 Feb 2005 "C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe"
65824 27 Oct 2006 "C:\Programmi\Microsoft Office\Office12\GrooveAuditService.exe"
31016 27 Oct 2006 "C:\Programmi\Microsoft Office\Office12\bak\GrooveMonitor.exe"
14348 3 Jan 2008 "C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe"
586856 25 Feb 2004 "C:\Programmi\Norton SystemWorks\Password Manager\bak\AcctMgr.exe"
110592 19 Aug 2003 "C:\Programmi\File comuni\Sonic\Update Manager\bak\sgtray.exe"
14348 3 Jan 2008 "C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe"
90112 7 Oct 2002 "C:\Programmi\HP\Digital Imaging\Unload\bak\hpqcmon.exe"
83608 14 Mar 2007 "C:\Programmi\Java\jre1.6.0_01\bin\jusched.exe"
132496 12 Jul 2007 "C:\Programmi\Java\jre1.6.0_02\bin\jusched.exe"
14348 3 Jan 2008 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"
318 1 Jan 2003 "C:\WINDOWS\Installer\{5D7F0A0E-369E-46C0-9F99-FAB21A064781}\DeviceDetector.exe"
512000 15 Sep 2005 "C:\Programmi\Philips\Philips Device Manager\bin\bak\DeviceManager.exe"
155648 1 Jan 2003 "C:\Programmi\HP Pavilion PC Help\Pavilion\XPHWWBP4\plugin\bin\bak\PCHButton.exe"
155648 7 Jun 2005 "C:\WINDOWS\PCHealth\HelpCtr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Pavilion\XPHWWBP4\plugin\bin\PCHButton.exe"


end of report.

Thanks in advance for the help!
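The Find AWF report above shows the pattern this infector leaves behind: several unrelated autostart programs (iTunesHelper.exe, qttask.exe, SNDMon.exe, LXSUPMON.EXE, atiptaxx.exe, HPWuSchd2.exe and the others) now all have the same size, 14348 bytes, and the same date, 3 Jan 2008, while the real executables sit in a "bak" subfolder right next to each of them. The script below is an added example written for this editing pass; it is not part of the thread and not code from Find AWF, HijackThis or ComboFix. It parses the "Duplicate files of bak directory contents" section, pairs every "bak" copy with the live file at the same location one directory up, and sorts the pairs into replaced executables (live file differs from its backup), unchanged ones (same size and date as the backup) and orphan backups whose original is no longer listed; the (size, date) shared by the replaced live files is the stub's fingerprint. The sample input is a subset of the lines posted above, and the pairing rule (backup folder directly beside the hijacked file) is an assumption drawn from that report, not a documented Find AWF format guarantee.

```python
"""Triage of a Find AWF "Duplicate files of bak directory contents" section.

Added example, not part of Find AWF / HijackThis / ComboFix. Assumed pattern:
the infector moves the genuine autostart executable into a sibling "bak"
folder and drops a small stub of its own under the original name, so every
hijacked program ends up with the same stub size and date.
"""
import re
from collections import Counter
from typing import NamedTuple, Optional

# Constructed input: a subset of the lines from the Find AWF report posted above.
SAMPLE_REPORT = r'''
61440 2 Feb 2005 "C:\hp\KBD\bak\KBD.EXE"
14348 3 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
267064 26 Sep 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
14348 3 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
286720 29 Jun 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 3 Jan 2008 "C:\WINDOWS\system32\LXSUPMON.EXE"
885760 28 Jan 2002 "C:\WINDOWS\system32\bak\LXSUPMON.EXE"
885760 28 Jan 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\LXSUPMON.EXE"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
212992 13 Sep 2002 "C:\WINDOWS\SMINST\bak\RECGUARD.EXE"
'''

# One report line: <size> <d Mon yyyy> "<path>"
LINE_RE = re.compile(r'^(\d+)\s+(\d{1,2} [A-Za-z]{3} \d{4})\s+"(.+)"$')


class Entry(NamedTuple):
    size: int
    date: str
    path: str


def parse_report(text: str) -> list:
    """Parse the duplicate-files lines; anything that does not match is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(int(m.group(1)), m.group(2), m.group(3)))
    return entries


def live_path_for(path: str) -> Optional[str]:
    """If path sits inside a 'bak' folder, return where the original lived (one level up)."""
    parts = path.split('\\')
    if len(parts) >= 3 and parts[-2].lower() == 'bak':
        return '\\'.join(parts[:-2] + parts[-1:])
    return None


def triage(entries) -> dict:
    """Pair each bak copy with its live counterpart and classify the pair."""
    by_path = {e.path.lower(): e for e in entries}
    replaced, unchanged, orphan_bak = [], [], []
    for e in entries:
        live = live_path_for(e.path)
        if live is None:
            continue                      # not a bak copy: nothing to pair
        live_entry = by_path.get(live.lower())
        if live_entry is None:
            orphan_bak.append(e)          # backup exists, original not listed
        elif live_entry.size == e.size and live_entry.date == e.date:
            unchanged.append(live_entry)  # same size and date: not swapped out
        else:
            replaced.append((live_entry, e))
    # Stub fingerprint: the (size, date) most live files in 'replaced' share
    sig = Counter((live.size, live.date) for live, _ in replaced).most_common(1)
    return {
        'replaced': replaced,
        'unchanged': unchanged,
        'orphan_bak': orphan_bak,
        'stub_signature': sig[0][0] if sig else None,
    }


def restore_plan(result) -> list:
    """(bak copy, hijacked path) pairs to copy back once the stub processes are stopped."""
    return [(bak.path, live.path) for live, bak in result['replaced']]


if __name__ == '__main__':
    res = triage(parse_report(SAMPLE_REPORT))
    print('stub signature (size, date):', res['stub_signature'])
    for live, bak in res['replaced']:
        print(f'REPLACED  {live.path} ({live.size} B)  restore from {bak.path}')
    for e in res['unchanged']:
        print(f'UNCHANGED {e.path}')
    for e in res['orphan_bak']:
        print(f'ORPHAN    {e.path}')
```

Copying the originals back over the stubs only works once the stub processes are no longer running (they are the ones listed under "Running processes" in the HijackThis logs above), so the list from restore_plan() is meant for a Safe Mode session or for after the clean-up tool has killed them. The same (size, date) fingerprint can then be checked against any other autostart target in the HJT O4 lines that Find AWF did not pair with a backup.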
Clubboy (Devoted mortal; registered 15/02/07 11:59; posts: 10)
Posted: 10 Jan 2008 14:41

And here I attach the ComboFix log file...

I hope I followed your instructions properly, even though I'm a complete novice :-)

ComboFix 08-01-09.2 - Proprietario 2008-01-10 1.53.54.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1040.18.200 [GMT 1:00]
Run from: C:\Documents and Settings\Proprietario\Impostazioni locali\Temporary Internet Files\Content.IE5\WP2166EQ\ComboFix[1].exe
* Created a new restore point
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\2vymcz2
C:\WINDOWS\Downloaded Program Files\7glthre
C:\WINDOWS\Downloaded Program Files\dHPnEqa
C:\WINDOWS\Downloaded Program Files\dHPnEqa\lxKbf.dat
C:\WINDOWS\Downloaded Program Files\LaVXGre
C:\WINDOWS\system32\system
C:\WINDOWS\system32\system\msxml4.dll
C:\WINDOWS\system32\system\msxml4r.dll

.
((((((((((((((((((((((((( Files created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))))))
.

2008-01-10 01:52 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 01:31 . 2008-01-10 01:31 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Bitdefender
2008-01-10 01:30 . 2003-01-01 23:37 <DIR> d-------- C:\Documents and Settings\Administrator\WINDOWS
2008-01-10 01:30 . 2003-01-01 21:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di stampa
2008-01-10 01:30 . 2003-01-01 21:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Risorse di rete
2008-01-10 01:30 . 2004-02-13 02:21 <DIR> dr------- C:\Documents and Settings\Administrator\Preferiti
2008-01-10 01:30 . 2004-02-13 02:21 <DIR> d--h----- C:\Documents and Settings\Administrator\Modelli
2008-01-10 01:30 . 2004-02-13 02:21 <DIR> dr------- C:\Documents and Settings\Administrator\Menu Avvio
2008-01-10 01:30 . 2003-01-01 21:35 <DIR> d--h----- C:\Documents and Settings\Administrator\Impostazioni locali
2008-01-10 01:30 . 2004-02-13 02:21 <DIR> dr------- C:\Documents and Settings\Administrator\Documenti
2008-01-10 01:30 . 2003-01-01 22:55 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Symantec
2008-01-10 01:30 . 2003-01-01 23:32 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\Sonic
2008-01-10 01:30 . 2003-01-02 00:02 <DIR> d-------- C:\Documents and Settings\Administrator\Dati applicazioni\SampleView
2008-01-10 01:30 . 2008-01-10 01:31 <DIR> dr-h----- C:\Documents and Settings\Administrator\Dati applicazioni
2008-01-09 21:33 . 2008-01-09 21:34 <DIR> d-------- C:\Programmi\Eusing Free Registry Cleaner
2008-01-09 21:22 . 2008-01-09 21:22 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\Bitdefender
2008-01-09 21:22 . 2008-01-10 02:00 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-09 21:17 . 2008-01-09 21:17 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\BitDefender
2008-01-09 20:16 . 2008-01-09 20:16 <DIR> d-------- C:\Documents and Settings\Proprietario\Dati applicazioni\Sammsoft
2008-01-09 20:15 . 2008-01-09 20:15 <DIR> d-------- C:\Programmi\Advanced Registry Optimizer
2008-01-09 19:30 . 2008-01-09 19:35 <DIR> d-------- C:\Programmi\SpywareBlaster
2008-01-07 13:34 . 2008-01-07 14:07 151 --a------ C:\WINDOWS\wininit.ini

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 00:23 --------- d-----w C:\Programmi\File comuni\Symantec Shared
2008-01-09 23:53 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\ZipGenius
2008-01-03 22:05 --------- d-----w C:\Documents and Settings\Proprietario\Dati applicazioni\LimeWire
2008-01-03 21:50 --------- d-----w C:\Programmi\QuickTime
2008-01-03 21:50 --------- d-----w C:\Programmi\Multimedia Card Reader
2008-01-03 21:50 --------- d-----w C:\Programmi\iTunes
2007-12-12 15:56 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-11-11 18:05 --------- d-----w C:\Programmi\MSBuild
2007-11-11 18:05 --------- d-----w C:\Programmi\Microsoft Works
2007-11-11 18:03 --------- d-----w C:\Programmi\Microsoft.NET
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate/default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe" [ ]
"NVIEW"="nview.dll" [2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 22:48 14348]
"AROReminder"="C:\Programmi\Advanced Registry Optimizer\ARO.exe" [2007-07-23 09:34 2084480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CamMonitor"="c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe" [2008-01-03 22:48 14348]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-05 00:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-03 22:48 14348]
"Sunkist2k"="C:\Programmi\Multimedia Card Reader\shwicon2k.exe" [2008-01-03 22:48 14348]
"QD FastAndSafe"="" []
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2008-01-03 22:48 14348]
"HP Software Update"="C:\Programmi\HP\HP Software Update\HPWuSchd2.exe" [2008-01-03 22:48 14348]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2008-01-03 22:48 14348]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-03 22:48 14348]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2008-01-03 22:48 14348]
"GrooveMonitor"="C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe" [2008-01-03 22:48 14348]
"BDMCon"="C:\Programmi\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Programmi\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="C:\PROGRA~1\Symantec\LIVEUP~1\SNDWarn.EXE" [ ]
"ALUAlert"="C:\Programmi\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2005-10-20 17:11:43]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
HP Digital Imaging Monitor.lnk - C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe [2003-09-16 04:19:24]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
C:\Programmi\File comuni\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"NVSvc"=2 (0x2)
"NISUM"=2 (0x2)

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2005-11-03 20:47]
S3 08d90671-1685-47ea-b0ab-64a2c7d4796c;08d90671-1685-47ea-b0ab-64a2c7d4796c;E:\Player\cds300.dll []
S3 qcusbmdm6k;MD-1 Proprietary USB Driver;C:\WINDOWS\system32\DRIVERS\qcusbmdm6k.sys [2006-09-21 14:42]
S3 qcusbnmea;MD-1 NMEA Port;C:\WINDOWS\system32\DRIVERS\qcusbnmea.sys [2006-09-21 14:42]
S3 qcusbser6k;MD-1 Diagnostic Port;C:\WINDOWS\system32\DRIVERS\qcusbser6k.sys [2006-09-21 14:42]
S3 USBSTOR;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\Info.exe folder.htt 480 480

.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 01:00:00 C:\WINDOWS\Tasks\AEF765E991851631.job"
- c:\docume~1\propri~1\datiap~1\abouts~1\Browse third jugs.exe
"2007-09-28 18:45:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-01-10 01:02:22 C:\WINDOWS\Tasks\Pulitura disco.job"
- C:\WINDOWS\system32\cleanmgr.exe
"2008-01-04 14:50:05 C:\WINDOWS\Tasks\Spybot - Search & Destroy - Scheduled Task.job"
- C:\Programmi\Spybot - Search & Destroy\SpybotSD.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 02:02:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.3156]
-> C:\WINDOWS\system32\sockspy.dll
.
Scan finish time: 2008-01-10 2:06:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 01:06:02
.
2008-01-09 23:01:41 --- E O F ---
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 10 Jan 2008 15:22

Download Avenger and unpack it into its own folder, not a temporary one and not on the desktop.

Start AVENGER
Click on "Input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\SymNetDrv\SNDMon.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\Tasks\AEF765E991851631.job
c:\docume~1\propri~1\datiap~1\abouts~1\Browse third jugs.exe

files to move:
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe | C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe
C:\Programmi\SymNetDrv\bak\SNDMon.exe | C:\Programmi\SymNetDrv\SNDMon.exe
C:\WINDOWS\system32\bak\LXSUPMON.EXE | C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe | C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe | C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe | C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\Programmi\Norton SystemWorks\Password Manager\bak\AcctMgr.exe | C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
C:\Programmi\HP\Digital Imaging\Unload\bak\hpqcmon.exe | C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe | C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

Click on Done
Click on the traffic light
The PC should reboot; if it does not, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.

Run the scans with GMER and post the logs on FreeFileHosting as indicated here.

Connect to the Kaspersky on-line scanner and run the extended scan, as indicated here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post the link you are given here.
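The ComboFix log above and bdoriano's Avenger script are two halves of one procedure. Ten of the Run-key entries in the log carry the identical stamp [2008-01-03 22:48 14348], so ten different programs' autostart executables have one size and one timestamp, and the Avenger script restores each of them by deleting the current file and moving a copy back from a bak subfolder next to it; separately, the log shows sockspy.dll loaded into winlogon.exe and Explorer through AppInit_DLLs. The script below is an added example, not code from the post or from ComboFix, Avenger or FindAWF: it parses the Run-key lines of a ComboFix log (a constructed subset of the log above is embedded), flags every entry in a size/timestamp cluster rather than a hand-picked list, reports any AppInit_DLLs value, and emits the Avenger delete/move text. The cluster threshold (three or more unrelated paths) and the bak folder convention are assumptions taken from the thread, not anything the log states.

```python
"""Added example, not from the forum post or from ComboFix/Avenger themselves:
parse the Run-key section of a ComboFix log, flag the AWF file-swap pattern
(many unrelated autostart executables with one identical size and timestamp,
originals parked in a bak subfolder) and an AppInit_DLLs injection, then
generate the Avenger delete/move script that puts the originals back."""
import re
from collections import defaultdict

# Constructed sample: a subset of the Run-key lines from the ComboFix output in
# this thread, plus its AppInit_DLLs line. A real log has many more sections.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RecordNow!"="" []
"BackupNotify"="c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe" [ ]
"NVIEW"="nview.dll" [2003-08-19 02:56 852038 C:\WINDOWS\system32\nview.dll]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 23:39 15360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-03 22:48 14348]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2008-01-03 22:48 14348]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2008-01-03 22:48 14348]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2008-01-03 22:48 14348]
"BDMCon"="C:\Programmi\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll
"""

RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<value>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
META = re.compile(r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (?P<size>\d+)(?: (?P<file>.+))?$")
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>\S.*)$', re.MULTILINE)


def parse_run_entries(log_text):
    """One dict per autostart value that ComboFix could stat on disk.
    Values printed as [] or [ ] (empty value, or file missing) are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = RUN_LINE.match(raw.strip())
        if not m:
            continue
        meta = META.match(m.group("meta").strip())
        if not meta:
            continue
        entries.append({
            "name": m.group("name"),
            # for a bare file name ComboFix prints the resolved path inside the brackets
            "path": meta.group("file") or m.group("value"),
            "ts": meta.group("ts"),
            "size": int(meta.group("size")),
        })
    return entries


def find_awf_clusters(entries, min_members=3):
    """Heuristic (an assumption of this example, not a ComboFix rule): programs
    from different vendors never share both timestamp and byte size, so a
    (ts, size) group with min_members or more distinct paths is the impostor set."""
    groups = defaultdict(set)
    for e in entries:
        groups[(e["ts"], e["size"])].add(e["path"])
    return {key: sorted(paths) for key, paths in groups.items() if len(paths) >= min_members}


def find_appinit_dlls(log_text):
    """DLLs named in AppInit_DLLs are loaded into every process that maps
    user32.dll, which is how sockspy.dll ended up inside winlogon and Explorer."""
    m = APPINIT.search(log_text)
    if not m:
        return []
    return [d for d in re.split(r"[ ,]+", m.group("dlls").strip()) if d]


def bak_path(path):
    """Where the original is parked: a bak subfolder beside the impostor."""
    folder, sep, name = path.rpartition("\\")
    return f"{folder}{sep}bak{sep}{name}"


def avenger_script(paths):
    """Avenger script text: delete each impostor, then move its original back."""
    paths = sorted(paths)
    lines = ["Files to delete:"] + paths + ["", "files to move:"]
    lines += [f"{bak_path(p)} | {p}" for p in paths]
    return "\n".join(lines)


if __name__ == "__main__":
    entries = parse_run_entries(SAMPLE_LOG)
    for (ts, size), paths in find_awf_clusters(entries).items():
        print(f"AWF cluster: {len(paths)} autostart files, all {size} bytes, stamped {ts}")
        print(avenger_script(paths))
        print()
    for dll in find_appinit_dlls(SAMPLE_LOG):
        print(f"AppInit_DLLs injection: {dll}")
```

To use it on a full log, read the file and pass its text to parse_run_entries. The block works from the log only; before running the generated script, check on the machine that each bak copy actually exists and differs in size from the file it replaces, because Avenger reports a missing source or target path as status 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND), which is exactly what the Avenger log further down shows for SNDMon.exe and AcctMgr.exe.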
Clubboy
Devoted mortal

Registered: 15/02/07 11:59
Posts: 10

Posted: 10 Jan 2008 20:03    Subject: Apparently they work ;-D

I followed the "god"'s instructions and the PC, besides having regained its "usual" speed, now browses without trouble... Who knows what junk I had on it before :-)

Attaching the Avenger and HJT log files

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\frpfvpnv

*******************

Script file located at: \??\C:\Documents and Settings\qghceruw.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
File C:\Programmi\Multimedia Card Reader\shwicon2k.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.


Could not open file C:\Programmi\SymNetDrv\SNDMon.exe for deletion
Deletion of file C:\Programmi\SymNetDrv\SNDMon.exe failed!

Could not process line:
C:\Programmi\SymNetDrv\SNDMon.exe
Status: 0xc000003a

File C:\WINDOWS\system32\LXSUPMON.EXE deleted successfully.
File C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe deleted successfully.
File C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe deleted successfully.
File C:\Programmi\HP\HP Software Update\HPWuSchd2.exe deleted successfully.


Could not open file C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe for deletion
Deletion of file C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe failed!

Could not process line:
C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
Status: 0xc000003a

File C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe deleted successfully.
File C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe deleted successfully.
File C:\WINDOWS\Tasks\AEF765E991851631.job deleted successfully.


Could not open file c:\docume~1\propri~1\datiap~1\abouts~1\Browse third jugs.exe for deletion
Deletion of file c:\docume~1\propri~1\datiap~1\abouts~1\Browse third jugs.exe failed!

Could not process line:
c:\docume~1\propri~1\datiap~1\abouts~1\Browse third jugs.exe
Status: 0xc000003a

File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
File move operation C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe|C:\Programmi\Multimedia Card Reader\shwicon2k.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.


Could not open file C:\Programmi\SymNetDrv\bak\SNDMon.exe for move operation
File move operation C:\Programmi\SymNetDrv\bak\SNDMon.exe|C:\Programmi\SymNetDrv\SNDMon.exe failed!

Could not process line:
C:\Programmi\SymNetDrv\bak\SNDMon.exe|C:\Programmi\SymNetDrv\SNDMon.exe
Status: 0xc000003a

File move operation C:\WINDOWS\system32\bak\LXSUPMON.EXE|C:\WINDOWS\system32\LXSUPMON.EXE completed successfully.
File move operation C:\Programmi\ATI Technologies\ATI Control Panel\bak\atiptaxx.exe|C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe completed successfully.
File move operation C:\Programmi\Google\GoogleToolbarNotifier\bak\GoogleToolbarNotifier.exe|C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe completed successfully.
File move operation C:\Programmi\HP\HP Software Update\bak\HPWuSchd2.exe|C:\Programmi\HP\HP Software Update\HPWuSchd2.exe completed successfully.


Could not open file C:\Programmi\Norton SystemWorks\Password Manager\bak\AcctMgr.exe for move operation
File move operation C:\Programmi\Norton SystemWorks\Password Manager\bak\AcctMgr.exe|C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe failed!

Could not process line:
C:\Programmi\Norton SystemWorks\Password Manager\bak\AcctMgr.exe|C:\Programmi\Norton SystemWorks\Password Manager\AcctMgr.exe
Status: 0xc000003a

File move operation C:\Programmi\HP\Digital Imaging\Unload\bak\hpqcmon.exe|C:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe completed successfully.
File move operation C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe|C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 15.48.12, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Softwin\BitDefender10\bdmcon.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\Programmi\a-squared Anti-Dialer\a2adguard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\a-squared Anti-Dialer\a2service.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\Programmi\ZipGenius\zipgenius.exe
C:\DOCUME~1\PROPRI~1\IMPOST~1\Temp\ZGTemp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-it10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.vivimilano.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-it10.hpwis.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar1.dll
O4 - HKLM\..\Run: [CamMonitor] c:\Programmi\HP\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [HP Software Update] C:\Programmi\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Programmi\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [a-squared] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe"
O4 - HKLM\..\Run: [a-squared Anti-Dialer] "C:\Programmi\a-squared Anti-Dialer\a2adguard.exe" /d=60
O4 - HKCU\..\Run: [BackupNotify] c:\Programmi\HP\Digital Imaging\bin\backupnotify.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Programmi\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Invia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: I&nvia a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Programmi\File comuni\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FILECO~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: a-squared Anti-Dialer Service (a2AntiDialer) - Emsi Software GmbH - C:\Programmi\a-squared Anti-Dialer\a2service.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Programmi\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

And now I'm adding the links to the Gmer and Kaspersky log files:
www.freefilehosting.net/files/3a82h
www.freefilehosting.net/files/3a82m
www.freefilehosting.net/files/3a87e

It looks fine to me, but if I need to do anything else I'll get back to work :-)
Thanks a million!!!!
Sante62
Mature god

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 11 Jan 2008 12:29

OK, although the GMER rootkit log shows ixanxgan.sys, about which I could not find anything. But it should not be dangerous.
The other logs are fine. Use ATF Cleaner; it cleans the internet cache.
Start it, click on Select All and then on Empty Selected. Do the same for Firefox or Opera, if you have them installed as browsers, from the ATF Cleaner main menu. Defragment the disk as well.
Clubboy
Devoted mortal

Registered: 15/02/07 11:59
Posts: 10

Posted: 11 Jan 2008 18:04    Subject: You guys are great ;-D

Hey, thanks a million again!!!! I'll follow the latest advice...
Bye :D :D :D
bdoriano
Administrator

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 11 Jan 2008 22:30

Sante62 wrote:
OK, although the GMER rootkit log shows ixanxgan.sys, about which I could not find anything. But it should not be dangerous.

That was the service Avenger created to carry out the instructions it was given. :P
Redo the FindAWF log, because it looks to me like something got missed. :-/
I probably got some command wrong. :P