Olimpo Informatico

[nelmiopiccolofacciogiuoco]

salve...ho un problema col mio pc...è impallato completamente..avevo il kaspersky ma dopo un mesetto ha cominciato a darmi problemi primo fra tutti il processo avp.exe ke utilizzava un sacco di memoria impallandomi il pc, in piu mi si aprivano finestre strane ke mi riportavano a vari siti internet.ho installato il nod e quel processo nn c'è piu adesso...facendo la scansione mi ha trovato un sacco di trojan ke ho eliminato ma le finestre di internet si aprono ugualmente e il pc è ancora molto lento...potreste aiutarmi??? grazie

[nelmiopiccolofacciogiuoco]

ah dimenticavo...è normale ke il processo nod32krn.exe utilizzi25000kb di memoria???

[Sante62]

Ciao nelmiopiccolofacciogiuoco
Inizia col guardare questa discussione
per postare un log di Hijackthis. Fai anche una Scansione con FindAWF

[nelmiopiccolofacciogiuoco]

ti ringrazio... cmq ti posto i log fatti con hijack thise con findawf

Logfile of HijackThis v1.99.1
Scan saved at 19.12.01, on 30/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Giovanni\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer fornito da Alice
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {0062614A-1AC2-42D3-9954-95F9C3EFE4FA} - C:\WINDOWS\system32\apphelpl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {33EC7C72-7462-4736-A370-46062140A39E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A6DAAB-C954-4D6F-B39B-502A88E7E389}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe






Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 44B5-4B1B

Directory di C:\WINDOWS\BAK

02/07/2002 18.22 1.540.096 NewMixer.exe
1 File 1.540.096 byte
2 Directory 70.313.938.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 44B5-4B1B

Directory di C:\PROGRA~1\D-TOOLS\BAK

22/08/2004 17.05 81.920 daemon.exe
1 File 81.920 byte
2 Directory 70.313.938.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 44B5-4B1B

Directory di C:\PROGRA~1\JAVA\JRE16~1.0_0\BIN\BAK

25/09/2007 01.11 132.496 jusched.exe
1 File 132.496 byte
2 Directory 70.313.934.848 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

1540096 2 Jul 2002 "C:\WINDOWS\NewMixer.exe"
1540096 2 Jul 2002 "C:\WINDOWS\bak\NewMixer.exe"
81920 22 Aug 2004 "C:\Programmi\D-Tools\daemon.exe"
81920 22 Aug 2004 "C:\Programmi\D-Tools\bak\daemon.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
132496 25 Sep 2007 "C:\Programmi\Java\jre1.6.0_03\bin\bak\jusched.exe"


end of report



spero di nn aver sbagliato nulla....grazie ancora

[Sante62]

Qualcosina si vede....ma niente di particolare..
Guarda questa discussione
relativa a Combofix, e fai la scansione del PC postando il risultato come indicato.

[nelmiopiccolofacciogiuoco]

ComboFix 08-01-31.1 - Giovanni 2008-01-30 22.38.14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.257 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Giovanni\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2007-12-28 al 2008-01-31 )))))))))))))))))))))))))))))))))))
.

2008-01-30 10:36 . 2008-01-30 10:36 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-30 10:36 . 2008-01-30 10:36 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-01-29 18:24 . 2008-01-29 18:24 <DIR> d-------- C:\Programmi\EA GAMES
2008-01-29 18:24 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-29 14:35 . 2008-01-29 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-27 20:32 . 2008-01-27 20:32 <DIR> d-------- C:\Programmi\CCleaner
2008-01-27 18:52 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-27 18:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\foeuplpidcxt.sys
2008-01-27 18:29 . 2008-01-27 18:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-27 18:29 . 2008-01-27 18:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-27 18:28 . 2008-01-27 19:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-27 18:28 . 2008-01-27 18:29 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-27 15:53 . 2008-01-27 15:51 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-27 15:51 . 2008-01-28 09:54 <DIR> d-------- C:\Documents and Settings\Giovanni\.housecall6.6
2008-01-25 21:02 . 2008-01-25 21:02 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\ArcSoft
2008-01-25 21:01 . 2008-01-25 21:01 <DIR> d--h----- C:\C_DILLA
2008-01-25 21:01 . 2008-01-25 21:01 112,128 -r-h----- C:\WINDOWS\CdaC14BA.DLL
2008-01-25 21:01 . 2008-01-25 21:01 39,936 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-25 21:01 . 2008-01-25 21:01 30,720 -r-h----- C:\WINDOWS\CdaC13BA.EXE
2008-01-25 21:01 . 2008-01-25 21:01 8,864 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-01-25 21:00 . 2008-01-25 21:00 <DIR> d-------- C:\Programmi\ArcSoft
2008-01-25 21:00 . 2001-08-23 16:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-25 21:00 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-25 21:00 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\PI5_SETUP.ini
2008-01-23 11:05 . 2008-01-23 11:05 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Grisoft
2008-01-23 00:38 . 2008-01-23 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-01-23 00:38 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-18 16:09 . 2008-01-18 16:09 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-18 16:09 . 2008-01-18 16:09 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-18 16:09 . 2008-01-18 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-17 17:10 . 2008-01-17 17:10 <DIR> d-------- C:\WINDOWS\bak
2008-01-16 13:39 . 2008-01-16 13:39 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-16 12:00 . 19,584 C:\WINDOWS\system32\drivers\ymbeygle.dat
2008-01-16 11:05 . 2008-01-23 11:35 <DIR> d-------- C:\WINDOWS\system32\AppCert
2008-01-16 11:04 . 2004-08-30 21:00 83,968 --a------ C:\WINDOWS\system32\apphelpl.dll
2008-01-14 22:38 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-14 22:38 . 2008-01-14 22:38 424 --a------ C:\WINDOWS\ODBC.INI
2008-01-14 22:37 . 2008-01-14 22:37 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-01-14 22:36 . 2008-01-14 22:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-09 12:35 . 2008-01-09 12:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Dati applicazioni\Xfire
2008-01-09 12:29 . 2008-01-09 12:29 <DIR> d-------- C:\Programmi\Xfire
2008-01-09 12:29 . 2008-01-09 13:04 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Xfire
2008-01-09 12:21 . 2008-01-09 12:27 <DIR> d-------- C:\Programmi\The All-Seeing Eye
2008-01-08 19:38 . 2008-01-08 19:38 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\AdobeUM
2008-01-08 19:35 . 2008-01-08 19:35 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-01-02 19:12 . 2008-01-02 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Bluetooth
2008-01-02 19:12 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-02 19:12 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-02 19:10 . 2008-01-02 19:10 <DIR> d-------- C:\Programmi\IVT Corporation
2008-01-02 19:10 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2007-12-27 18:28 . 2007-12-27 18:28 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Nokia Multimedia Player
2007-12-23 17:50 . 2008-01-14 14:55 <DIR> d-------- C:\Programmi\Google
2007-12-22 19:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-21 15:53 . 2007-12-21 15:53 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2007-12-21 15:53 . 2007-12-21 15:53 <DIR> d-------- C:\Programmi\File comuni\Nokia
2007-12-21 15:51 . 2007-12-21 15:51 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2007-12-21 15:50 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-21 15:50 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-21 15:50 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-21 15:50 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-21 15:50 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-21 15:37 . 2007-12-21 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2007-12-21 15:07 . 2001-08-28 17:59 41,728 --a------ C:\WINDOWS\system32\CNBJHLP.HLP
2007-12-21 15:07 . 2001-08-28 17:59 990 --a------ C:\WINDOWS\system32\CNBJHLP.CNT
2007-12-21 14:33 . 2007-12-22 10:48 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Nokia
2007-12-21 14:33 . 2007-12-21 14:33 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\DataLayer
2007-12-21 14:32 . 2008-01-26 12:24 <DIR> d-------- C:\Documents and Settings\Giovanni\Phone Browser
2007-12-21 14:30 . 2007-12-21 15:55 <DIR> d-------- C:\Programmi\DIFX
2007-12-21 14:29 . 2007-12-21 15:50 <DIR> d-------- C:\Programmi\Nokia
2007-12-21 14:29 . 2008-01-26 12:24 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\PC Suite
2007-12-21 14:29 . 2007-12-21 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2007-12-21 14:29 . 2007-12-21 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2007-12-21 14:29 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-16 12:54 . 2007-12-16 12:54 276 --a------ C:\WINDOWS\game.ini
2007-12-16 12:51 . 2007-12-16 12:51 <DIR> d-------- C:\Programmi\Activision
2007-12-16 12:49 . 2007-12-16 12:49 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-16 12:47 . 2007-12-16 12:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-16 12:47 . 2008-01-27 20:26 <DIR> d-------- C:\Programmi\D-Tools
2007-12-16 12:47 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-16 12:47 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-15 14:42 . 2007-12-15 14:42 1,142 --a------ C:\WINDOWS\mozver.dat
2007-12-15 14:39 . 2007-12-15 14:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-12 13:01 . 2007-12-12 13:01 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\vlc
2007-12-12 13:01 . 2008-01-30 21:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-12 13:00 . 2007-12-12 13:00 <DIR> d-------- C:\Programmi\VideoLAN
2007-12-12 12:46 . 2007-12-12 12:46 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Nero
2007-12-12 12:38 . 2007-12-12 12:38 <DIR> d-------- C:\Programmi\Nero
2007-12-12 12:38 . 2007-12-12 12:43 <DIR> d-------- C:\Programmi\File comuni\Nero
2007-12-12 12:38 . 2007-12-12 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2007-12-12 11:34 . 2008-01-11 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-12-11 21:12 . 2004-08-30 21:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-11 21:00 . 2007-12-11 21:00 <DIR> d-------- C:\Programmi\Windows Live
2007-12-11 21:00 . 2008-01-08 22:14 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2007-12-11 20:21 . 2008-01-30 20:56 <DIR> d-------- C:\Programmi\eMule
2007-12-11 19:59 . 2007-12-11 19:59 268 --ah----- C:\sqmdata00.sqm
2007-12-11 19:59 . 2007-12-11 19:59 244 --ah----- C:\sqmnoopt00.sqm
2007-12-11 19:55 . 2008-01-27 17:07 <DIR> d-------- C:\Documents and Settings\Giovanni\Contacts
2007-12-11 19:01 . 2007-12-21 15:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-11 19:01 . 2008-01-08 22:14 <DIR> d-------- C:\Programmi\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 12:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-30 12:06 --------- d-----w C:\Programmi\Alice ti aiuta
2008-01-25 20:00 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-18 15:18 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-16 11:55 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-16 11:49 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-12-11 17:59 --------- d-----w C:\Programmi\Java
2007-12-11 17:57 --------- d-----w C:\Programmi\File comuni\Java
2007-12-11 17:44 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-12-11 17:44 --------- d-----w C:\Programmi\PCI Audio Applications
2007-12-11 17:37 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-12-11 17:37 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-11 17:00 --------- d-----w C:\Programmi\Idf
2007-12-11 17:00 --------- d-----w C:\Programmi\File comuni\Motive
2007-12-11 17:00 --------- d-----w C:\Programmi\Common Files
2007-12-11 16:59 155,995 ----a-w C:\WINDOWS\java\Packages\Y8HJ35V9.ZIP
2007-12-11 16:57 --------- d-----w C:\Programmi\Telecom Italia
2007-12-11 16:52 --------- d-----w C:\Programmi\Kaspersky Lab
2007-12-11 16:50 --------- d--h--w C:\Programmi\Uninstall Information
2007-12-11 16:46 --------- d-----w C:\Programmi\microsoft frontpage
2007-12-11 16:44 --------- d-----w C:\Programmi\Servizi in linea
2007-12-11 16:43 --------- d-----w C:\Programmi\File comuni\MSSoap
2004-10-27 15:05 22,144 ----a-w C:\WINDOWS\inf\other\ADM851X.sys
2004-10-27 15:05 22,144 ----a-w C:\WINDOWS\inf\ADM851X.sys
2001-11-23 12:08 712,704 ----a-w C:\WINDOWS\inf\other\audio3d.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0062614A-1AC2-42D3-9954-95F9C3EFE4FA}]
2004-08-30 21:00 83968 --a------ C:\WINDOWS\system32\apphelpl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-01-30 10:36 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-07-02 18:22 1540096 C:\WINDOWS\NewMixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Programmi\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-12-12 14:02 5674352 C:\Programmi\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 17:35 1294336 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

R0 zouoikve;zouoikve;C:\WINDOWS\system32\drivers\ymbeygle.dat []
R3 ADM851X;IDF Alice Gate 2 plus USB;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 16:05]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:41:02
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-01-31 22.42.17

[nelmiopiccolofacciogiuoco]

nn so se può essere d'aiuto o centra qlcs ma dopo la scansione con il combofix mi si è creata un'icona di internet explorer sul desktop...grazie ancora

[Sante62]

[nelmiopiccolofacciogiuoco]

era solo xk prima qll'icona nn c'era...cmq...

Direct Link:

1) http://www.freefilehosting.net/download/3b94m

2) http://www.freefilehosting.net/download/3b95j

[Sante62]

Scarica The Avenger
Scompattalo in una sua cartella in c:\
Avvialo
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[nelmiopiccolofacciogiuoco]

adesso mi si disconnette da solo...


Logfile of HijackThis v1.99.1
Scan saved at 19.56.24, on 31/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Eset\nod32kui.exe
C:\Programmi\Eset\bak\nod32kui.exe
C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Programmi\Eset\nod32krn.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Giovanni\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://gw.aliceadsl.it/home
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: (no name) - {0062614A-1AC2-42D3-9954-95F9C3EFE4FA} - C:\WINDOWS\system32\apphelpl.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [nod32kui] "C:\Programmi\Eset\nod32kui.exe" /WAITSERVICE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: Alice - {33EC7C72-7462-4736-A370-46062140A39E} - http://gw.aliceadsl.it/alice (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{37A6DAAB-C954-4D6F-B39B-502A88E7E389}: NameServer = 85.37.17.51 85.38.28.97
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: C-DillaCdaC11BA - C-Dilla Ltd - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Programmi\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Programmi\File comuni\Nero\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Programmi\Eset\nod32krn.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe

[nelmiopiccolofacciogiuoco]

Direct Link:
31_01_2008_20_12_report.zip





-------
edit by ioSOLOio

messo a posto il link

[nelmiopiccolofacciogiuoco]

qnd mi disconnette mi appare una schermata di errore con su scritto: generic hosts process for win 32 services...formatto?

[Sante62]

C'è sempre tempo per formattare...
Mentre io analizzo il report, tu cortesemente mi invii il risultato dell'operazione di Avenger? Lo trovi su C:\Avenger.txt...

[nelmiopiccolofacciogiuoco]

ComboFix 08-01-31.1 - Giovanni 2008-01-30 22.38.14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.257 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Giovanni\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2007-12-28 al 2008-01-31 )))))))))))))))))))))))))))))))))))
.

2008-01-30 10:36 . 2008-01-30 10:36 502,368 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-30 10:36 . 2008-01-30 10:36 274,432 --a------ C:\WINDOWS\system32\imon.dll
2008-01-29 18:24 . 2008-01-29 18:24 <DIR> d-------- C:\Programmi\EA GAMES
2008-01-29 18:24 . 2004-08-18 09:34 442,368 -ra------ C:\WINDOWS\system32\vp6vfw.dll
2008-01-29 14:35 . 2008-01-29 14:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-01-27 20:32 . 2008-01-27 20:32 <DIR> d-------- C:\Programmi\CCleaner
2008-01-27 18:52 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-01-27 18:51 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\foeuplpidcxt.sys
2008-01-27 18:29 . 2008-01-27 18:29 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-27 18:29 . 2008-01-27 18:29 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-27 18:28 . 2008-01-27 19:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-27 18:28 . 2008-01-27 18:29 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-27 15:53 . 2008-01-27 15:51 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-01-27 15:51 . 2008-01-28 09:54 <DIR> d-------- C:\Documents and Settings\Giovanni\.housecall6.6
2008-01-25 21:02 . 2008-01-25 21:02 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\ArcSoft
2008-01-25 21:01 . 2008-01-25 21:01 <DIR> d--h----- C:\C_DILLA
2008-01-25 21:01 . 2008-01-25 21:01 112,128 -r-h----- C:\WINDOWS\CdaC14BA.DLL
2008-01-25 21:01 . 2008-01-25 21:01 39,936 --a------ C:\WINDOWS\system32\drivers\CDAC11BA.EXE
2008-01-25 21:01 . 2008-01-25 21:01 30,720 -r-h----- C:\WINDOWS\CdaC13BA.EXE
2008-01-25 21:01 . 2008-01-25 21:01 8,864 --a------ C:\WINDOWS\system32\drivers\CDAC15BA.SYS
2008-01-25 21:00 . 2008-01-25 21:00 <DIR> d-------- C:\Programmi\ArcSoft
2008-01-25 21:00 . 2001-08-23 16:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-01-25 21:00 . 1995-07-31 13:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-01-25 21:00 . 1998-07-21 20:29 21 --a------ C:\WINDOWS\PI5_SETUP.ini
2008-01-23 11:05 . 2008-01-23 11:05 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Grisoft
2008-01-23 00:38 . 2008-01-23 00:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Grisoft
2008-01-23 00:38 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-18 16:09 . 2008-01-18 16:09 <DIR> d-------- C:\Programmi\Lavasoft
2008-01-18 16:09 . 2008-01-18 16:09 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-01-18 16:09 . 2008-01-18 16:21 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Lavasoft
2008-01-17 17:10 . 2008-01-17 17:10 <DIR> d-------- C:\WINDOWS\bak
2008-01-16 13:39 . 2008-01-16 13:39 <DIR> d--h----- C:\WINDOWS\PIF
2008-01-16 12:00 . 19,584 C:\WINDOWS\system32\drivers\ymbeygle.dat
2008-01-16 11:05 . 2008-01-23 11:35 <DIR> d-------- C:\WINDOWS\system32\AppCert
2008-01-16 11:04 . 2004-08-30 21:00 83,968 --a------ C:\WINDOWS\system32\apphelpl.dll
2008-01-14 22:38 . 2003-06-19 01:31 17,920 --a------ C:\WINDOWS\system32\mdimon.dll
2008-01-14 22:38 . 2008-01-14 22:38 424 --a------ C:\WINDOWS\ODBC.INI
2008-01-14 22:37 . 2008-01-14 22:37 <DIR> d-------- C:\Programmi\Microsoft.NET
2008-01-14 22:36 . 2008-01-14 22:36 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-01-09 12:35 . 2008-01-09 12:35 <DIR> d-------- C:\Documents and Settings\NetworkService\Dati applicazioni\Xfire
2008-01-09 12:29 . 2008-01-09 12:29 <DIR> d-------- C:\Programmi\Xfire
2008-01-09 12:29 . 2008-01-09 13:04 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Xfire
2008-01-09 12:21 . 2008-01-09 12:27 <DIR> d-------- C:\Programmi\The All-Seeing Eye
2008-01-08 19:38 . 2008-01-08 19:38 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\AdobeUM
2008-01-08 19:35 . 2008-01-08 19:35 <DIR> d-------- C:\Programmi\File comuni\Adobe
2008-01-02 19:12 . 2008-01-02 19:12 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Bluetooth
2008-01-02 19:12 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-01-02 19:12 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-01-02 19:10 . 2008-01-02 19:10 <DIR> d-------- C:\Programmi\IVT Corporation
2008-01-02 19:10 . 2004-09-21 18:18 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2007-12-27 18:28 . 2007-12-27 18:28 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Nokia Multimedia Player
2007-12-23 17:50 . 2008-01-14 14:55 <DIR> d-------- C:\Programmi\Google
2007-12-22 19:38 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2007-12-21 15:53 . 2007-12-21 15:53 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2007-12-21 15:53 . 2007-12-21 15:53 <DIR> d-------- C:\Programmi\File comuni\Nokia
2007-12-21 15:51 . 2007-12-21 15:51 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2007-12-21 15:50 . 2007-02-22 10:15 137,216 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-12-21 15:50 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-12-21 15:50 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-12-21 15:50 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-12-21 15:50 . 2007-02-22 10:15 8,320 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-12-21 15:37 . 2007-12-21 15:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2007-12-21 15:07 . 2001-08-28 17:59 41,728 --a------ C:\WINDOWS\system32\CNBJHLP.HLP
2007-12-21 15:07 . 2001-08-28 17:59 990 --a------ C:\WINDOWS\system32\CNBJHLP.CNT
2007-12-21 14:33 . 2007-12-22 10:48 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Nokia
2007-12-21 14:33 . 2007-12-21 14:33 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\DataLayer
2007-12-21 14:32 . 2008-01-26 12:24 <DIR> d-------- C:\Documents and Settings\Giovanni\Phone Browser
2007-12-21 14:30 . 2007-12-21 15:55 <DIR> d-------- C:\Programmi\DIFX
2007-12-21 14:29 . 2007-12-21 15:50 <DIR> d-------- C:\Programmi\Nokia
2007-12-21 14:29 . 2008-01-26 12:24 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\PC Suite
2007-12-21 14:29 . 2007-12-21 14:30 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2007-12-21 14:29 . 2007-12-21 15:53 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Downloaded Installations
2007-12-21 14:29 . 2007-02-22 10:15 90,624 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-12-16 12:54 . 2007-12-16 12:54 276 --a------ C:\WINDOWS\game.ini
2007-12-16 12:51 . 2007-12-16 12:51 <DIR> d-------- C:\Programmi\Activision
2007-12-16 12:49 . 2007-12-16 12:49 <DIR> d--hs---- C:\WINDOWS\ftpcache
2007-12-16 12:47 . 2007-12-16 12:47 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-12-16 12:47 . 2008-01-27 20:26 <DIR> d-------- C:\Programmi\D-Tools
2007-12-16 12:47 . 2004-08-22 16:31 155,136 --a------ C:\WINDOWS\system32\drivers\d347bus.sys
2007-12-16 12:47 . 2004-08-22 16:31 5,248 --a------ C:\WINDOWS\system32\drivers\d347prt.sys
2007-12-15 14:42 . 2007-12-15 14:42 1,142 --a------ C:\WINDOWS\mozver.dat
2007-12-15 14:39 . 2007-12-15 14:39 0 --a------ C:\WINDOWS\nsreg.dat
2007-12-12 13:01 . 2007-12-12 13:01 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\vlc
2007-12-12 13:01 . 2008-01-30 21:02 69 --a------ C:\WINDOWS\NeroDigital.ini
2007-12-12 13:00 . 2007-12-12 13:00 <DIR> d-------- C:\Programmi\VideoLAN
2007-12-12 12:46 . 2007-12-12 12:46 <DIR> d-------- C:\Documents and Settings\Giovanni\Dati applicazioni\Nero
2007-12-12 12:38 . 2007-12-12 12:38 <DIR> d-------- C:\Programmi\Nero
2007-12-12 12:38 . 2007-12-12 12:43 <DIR> d-------- C:\Programmi\File comuni\Nero
2007-12-12 12:38 . 2007-12-12 12:38 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Nero
2007-12-12 11:34 . 2008-01-11 18:37 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
2007-12-11 21:12 . 2004-08-30 21:00 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-12-11 21:00 . 2007-12-11 21:00 <DIR> d-------- C:\Programmi\Windows Live
2007-12-11 21:00 . 2008-01-08 22:14 <DIR> d-------- C:\Programmi\Messenger Plus! Live
2007-12-11 20:21 . 2008-01-30 20:56 <DIR> d-------- C:\Programmi\eMule
2007-12-11 19:59 . 2007-12-11 19:59 268 --ah----- C:\sqmdata00.sqm
2007-12-11 19:59 . 2007-12-11 19:59 244 --ah----- C:\sqmnoopt00.sqm
2007-12-11 19:55 . 2008-01-27 17:07 <DIR> d-------- C:\Documents and Settings\Giovanni\Contacts
2007-12-11 19:01 . 2007-12-21 15:55 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-11 19:01 . 2008-01-08 22:14 <DIR> d-------- C:\Programmi\MSN Messenger

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-30 12:28 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-30 12:06 --------- d-----w C:\Programmi\Alice ti aiuta
2008-01-25 20:00 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-01-18 15:18 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-16 11:55 163,644 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-16 11:49 --------- d-----w C:\Programmi\File comuni\InstallShield
2007-12-11 17:59 --------- d-----w C:\Programmi\Java
2007-12-11 17:57 --------- d-----w C:\Programmi\File comuni\Java
2007-12-11 17:44 4,608 ----a-w C:\WINDOWS\system32\w95inf32.dll
2007-12-11 17:44 --------- d-----w C:\Programmi\PCI Audio Applications
2007-12-11 17:37 --------- d-----w C:\Programmi\File comuni\SpeechEngines
2007-12-11 17:37 --------- d-----w C:\Programmi\File comuni\ODBC
2007-12-11 17:00 --------- d-----w C:\Programmi\Idf
2007-12-11 17:00 --------- d-----w C:\Programmi\File comuni\Motive
2007-12-11 17:00 --------- d-----w C:\Programmi\Common Files
2007-12-11 16:59 155,995 ----a-w C:\WINDOWS\java\Packages\Y8HJ35V9.ZIP
2007-12-11 16:57 --------- d-----w C:\Programmi\Telecom Italia
2007-12-11 16:52 --------- d-----w C:\Programmi\Kaspersky Lab
2007-12-11 16:50 --------- d--h--w C:\Programmi\Uninstall Information
2007-12-11 16:46 --------- d-----w C:\Programmi\microsoft frontpage
2007-12-11 16:44 --------- d-----w C:\Programmi\Servizi in linea
2007-12-11 16:43 --------- d-----w C:\Programmi\File comuni\MSSoap
2004-10-27 15:05 22,144 ----a-w C:\WINDOWS\inf\other\ADM851X.sys
2004-10-27 15:05 22,144 ----a-w C:\WINDOWS\inf\ADM851X.sys
2001-11-23 12:08 712,704 ----a-w C:\WINDOWS\inf\other\audio3d.dll
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0062614A-1AC2-42D3-9954-95F9C3EFE4FA}]
2004-08-30 21:00 83968 --a------ C:\WINDOWS\system32\apphelpl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nod32kui"="C:\Programmi\Eset\nod32kui.exe" [2008-01-30 10:36 921600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Alice ti aiuta.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Alice ti aiuta.lnk
backup=C:\WINDOWS\pss\Alice ti aiuta.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
--a------ 2007-06-11 10:25 6731312 C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2007-08-03 12:51 202024 C:\Programmi\File comuni\Nero\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\C-Media Mixer]
--a------ 2002-07-02 18:22 1540096 C:\WINDOWS\NewMixer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools-1033]
--a------ 2004-08-22 17:05 81920 C:\Programmi\D-Tools\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
C:\PROGRA~1\ALICET~1\SMARTB~1\MotiveSB.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-12-12 14:02 5674352 C:\Programmi\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
--a------ 2007-08-08 09:25 1828136 C:\Programmi\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2007-03-01 15:57 153136 C:\Programmi\File comuni\Nero\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
--a------ 2007-12-10 10:12 695808 C:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2007-11-07 17:35 1294336 C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
appsecdll REG_EXPAND_SZ C:\WINDOWS\system32\AppCert\wsil32.dll

R0 zouoikve;zouoikve;C:\WINDOWS\system32\drivers\ymbeygle.dat []
R3 ADM851X;IDF Alice Gate 2 plus USB;C:\WINDOWS\system32\DRIVERS\ADM851X.SYS [2004-10-27 16:05]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-31 22:41:02
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Programmi\Eset\pr_imon.dll
.
Ora fine scansione: 2008-01-31 22.42.17

[nelmiopiccolofacciogiuoco]

scusa ho sbagliato...

[nelmiopiccolofacciogiuoco]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pnwvieiu

*******************

Script file located at: \??\C:\Program Files\nmmthmec.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:\WINDOWS\system32\drivers\ymbeygle.dat for deletion
Deletion of file C:\WINDOWS\system32\drivers\ymbeygle.dat failed!

Could not process line:
C:\WINDOWS\system32\drivers\ymbeygle.dat
Status: 0xc0000022


Completed script processing.

*******************

Finished! Terminate.

[Sante62]

Scarica The Avenger
Scompattalo in una sua cartella in c:\
Avvialo
Clicca su input script manually
Clicca sulla lente d'ingrandimento
Inserisci queste righe:

[nelmiopiccolofacciogiuoco]

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\bvnmu^mh

*******************

Script file located at: \??\C:\WINDOWS\dbmtfstl.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Eset\nod32kui.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\1410728420.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\3443686516.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\4072739548.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\1952711556.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\2613482828.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\3223316868.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\2267298412.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\1130735544.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\2260842816.exe deleted successfully.
File C:\DOCUME~1\Giovanni\IMPOST~1\Temp\1294152120.exe deleted successfully.
File move operation C:\Programmi\Eset\bak\nod32kui.exe|C:\Programmi\Eset\nod32kui.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.

[nelmiopiccolofacciogiuoco]

avrei un problemino...credo ke kaspersky on line vada solamente con internet explorer e mi si disconnette in continuazione e nn faccio in tempo...con mozilla fire fox nn va avanti