Zeus News forums
Forum index -> Virus First Aid
Topic: Internet Connection
Adamus (Hero)
Registered: 07/06/07 23:36
Posts: 56

Posted: 21 Jan 2008 23:57    Subject: Internet Connection

Hi everyone,
after sorting out the little problem from this summer, here comes the same old beast again.
First it loads the usual "123" icon into Temp, then, sneakily, while I'm browsing it drops my connection and reconnects through a new connection it has installed in the meantime, named Internet Connection.
How do I get rid of it once and for all?
Here is the FindAWF report:

Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\VEXPLITE\BAK

03/01/2008 23.00 245.760 MONLITE.EXE
1 File 245.760 byte
2 Directory 14.218.162.176 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\A-SQUA~1\BAK

26/06/2007 23.08 1.332.224 a2adguard.exe
09/08/2007 16.43 9.985 bugreport.txt
2 File 1.342.209 byte
2 Directory 14.218.162.176 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\ITUNES\BAK

02/11/2007 18.36 267.048 iTunesHelper.exe
1 File 267.048 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\LEXMAR~1\BAK

0 File 0 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\QUICKT~1\BAK

19/10/2007 20.16 286.720 qttask.exe
1 File 286.720 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\SPYWAR~1\BAK

07/01/2008 15.22 386 SpywareTerminatorShield.exe.err
1 File 386 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\UNLOCKER\BAK

0 File 0 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\WINDOWS\SYSTEM32\BAK

19/08/2004 14.39 15.360 ctfmon.exe
1 File 15.360 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\ALCATEL\SPEEDT~1\BAK

03/05/2002 09.40 4.341.760 Dragdiag.exe
1 File 4.341.760 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\ALWILS~1\AVAST4\BAK

04/12/2007 14.00 79.224 ashDisp.exe
1 File 79.224 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\CYBERL~1\POWERDVD\LANGUAGE\BAK

0 File 0 byte
2 Directory 14.218.158.080 byte disponibili
Il volume nell'unità C non ha etichetta.
Numero di serie del volume: D8C1-B525

Directory di C:\PROGRA~1\FILECO~1\AHEAD\LIB\BAK

0 File 0 byte
2 Directory 14.218.153.984 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

245760 3 Jan 2008 "C:\VEXPLITE\bak\MONLITE.EXE"
1332224 26 Jun 2007 "C:\Programmi\a-squared Anti-Dialer\bak\a2adguard.exe"
9985 9 Aug 2007 "C:\Programmi\a-squared Anti-Dialer\bak\bugreport.txt"
14348 6 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
267048 2 Nov 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 10 Nov 2007 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"
116008 2 Nov 2007 "C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14348 6 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
286720 19 Oct 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
386 7 Jan 2008 "C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe.err"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINNT\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 6 Jan 2008 "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe"
4341760 3 May 2002 "C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe"
4341760 "C:\Documents and Settings\Utente\Documenti\Sicurezza\Nuova cartella (2)\speedtouchusb16\SpeedTouchUSB16\Programs\dragdiag.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"


end of report

Thanks as always for your amazing help.


Sante62 (Mature God)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 22 Jan 2008 10:07    Subject:

Hi Adamus,
download The Avenger.
Unzip it into its own folder in c:\
Run it.
Click "Input script manually".
Click the magnifying glass.
Enter these lines:
Quote:
files to delete:
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\QuickTime\qttask.exe

files to move:
C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe | C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Programmi\iTunes\bak\iTunesHelper.exe | C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\QuickTime\bak\qttask.exe | C:\Programmi\QuickTime\qttask.exe


Click Done.
Click the traffic light.
The PC should reboot; if it doesn't, reboot it yourself.
When it's done, post the result here together with an updated HijackThis log. Also have a look at this thread about ComboFix and scan the PC, posting the result as described there.
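The FindAWF report in the first post and the Avenger script Sante62 built from it follow one rule: each `bak` folder holds the original executable, and the file with the same name one level up is the substitute that took its place. As an added example (not part of the thread, and not FindAWF's or The Avenger's own code), the script below parses the "Duplicate files of bak directory contents" section, pairs each `bak` file with its live counterpart, reports the pairs whose sizes differ, and renders the restore script in the same "files to delete" / "files to move" form used above. The report text is embedded from the post; the size-mismatch rule and the fingerprint check are assumptions of this example, not FindAWF's logic.

```python
import re
from pathlib import PureWindowsPath

# Input: the "Duplicate files of bak directory contents" section of the FindAWF
# report posted in this thread, embedded verbatim so the script runs offline.
FINDAWF_DUPLICATES = r'''
245760 3 Jan 2008 "C:\VEXPLITE\bak\MONLITE.EXE"
1332224 26 Jun 2007 "C:\Programmi\a-squared Anti-Dialer\bak\a2adguard.exe"
9985 9 Aug 2007 "C:\Programmi\a-squared Anti-Dialer\bak\bugreport.txt"
14348 6 Jan 2008 "C:\Programmi\iTunes\iTunesHelper.exe"
267048 2 Nov 2007 "C:\Programmi\iTunes\bak\iTunesHelper.exe"
102400 10 Nov 2007 "C:\WINDOWS\Installer\{E3FEE4E7-4488-4A3F-A6BD-13745936EADB}\iTunesIco.exe"
116008 2 Nov 2007 "C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.5.0.20\iTunesSetupAdmin.exe"
14348 6 Jan 2008 "C:\Programmi\QuickTime\qttask.exe"
286720 19 Oct 2007 "C:\Programmi\QuickTime\bak\qttask.exe"
386 7 Jan 2008 "C:\Programmi\Spyware Terminator\bak\SpywareTerminatorShield.exe.err"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINNT\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
14348 6 Jan 2008 "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe"
4341760 3 May 2002 "C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe"
4341760 "C:\Documents and Settings\Utente\Documenti\Sicurezza\Nuova cartella (2)\speedtouchusb16\SpeedTouchUSB16\Programs\dragdiag.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
'''

# One report line: <size> [<day> <Mon> <year>] "<path>"; the date is optional
# because the report omits it for some entries (see the dragdiag.exe copy above).
LINE_RE = re.compile(r'^\s*(\d+)\s+(?:(\d{1,2} \w{3} \d{4})\s+)?"(.+)"\s*$')


def parse_duplicates(text):
    """Return a list of (size, date_or_None, path) tuples, one per report line."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def find_replaced_files(entries):
    """Pair every file under a 'bak' directory with the live file of the same name
    one level up. Assumption of this example: a pair whose sizes differ means the
    bak copy is the original and the live file is the substitute that replaced it."""
    by_path = {path.lower(): (size, date, path) for size, date, path in entries}
    replaced = []
    for size, date, path in entries:
        p = PureWindowsPath(path)
        if p.parent.name.lower() != 'bak':
            continue
        live = p.parent.parent / p.name
        hit = by_path.get(str(live).lower())
        if hit is None:
            continue  # only the bak copy is listed; nothing to compare against
        live_size, live_date, live_path = hit
        if live_size != size:
            replaced.append({'original': path, 'original_size': size,
                             'live': live_path, 'live_size': live_size,
                             'live_date': live_date})
    return replaced


def stub_fingerprint(replaced):
    """Set of (size, date) of the substitutes: one dropper tends to plant copies
    of a single stub, so a single shared fingerprint is the expected result."""
    return {(r['live_size'], r['live_date']) for r in replaced}


def avenger_script(replaced):
    """Render the restore script in the 'files to delete' / 'files to move' form:
    delete each substitute, then move the original from bak back into place."""
    lines = ['files to delete:']
    lines += [r['live'] for r in replaced]
    lines += ['', 'files to move:']
    lines += [f"{r['original']} | {r['live']}" for r in replaced]
    return '\n'.join(lines)


if __name__ == '__main__':
    found = find_replaced_files(parse_duplicates(FINDAWF_DUPLICATES))
    print('substitute fingerprint:', stub_fingerprint(found))
    print(avenger_script(found))
```

Run as-is, it reports the same three files Sante62 listed (iTunesHelper.exe, qttask.exe, Dragdiag.exe) and leaves ctfmon.exe and ashDisp.exe alone, since their `bak` copies match the live files byte-for-byte in size. The fingerprint check is the part worth keeping in a triage kit: all three substitutes share the same size and date, which is what makes the replacement pattern recognisable even when the file names are legitimate.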
Adamus (Hero)
Registered: 07/06/07 23:36
Posts: 56

Posted: 24 Jan 2008 00:05    Subject:

Thanks Sante.

Here's HijackThis:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23.25.20, on 22/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Softwin\BitDefender10\bdmcon.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\Documents and Settings\Utente\Desktop\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\system32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 3.76\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 3.76\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programmi\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6550 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 24 Jan 2008 00:36    Subject:

You should post the Avenger log too.

Download DelDomains and save it to the desktop (right-click the link > Save target as),
then right-click the file and choose Install.

Go to the Kaspersky online scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post the link you're given here.
Adamus (Hero)
Registered: 07/06/07 23:36
Posts: 56

Posted: 28 Jan 2008 23:12    Subject:

You're right!! Here's Avenger:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\mmffhopx

*******************

Script file located at: \??\C:\Program Files\cheictgg.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\iTunes\iTunesHelper.exe deleted successfully.
File C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe deleted successfully.
File C:\Programmi\QuickTime\qttask.exe deleted successfully.
File move operation C:\Programmi\Alcatel\SpeedTouch USB\bak\Dragdiag.exe|C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe completed successfully.
File move operation C:\Programmi\iTunes\bak\iTunesHelper.exe|C:\Programmi\iTunes\iTunesHelper.exe completed successfully.
File move operation C:\Programmi\QuickTime\bak\qttask.exe|C:\Programmi\QuickTime\qttask.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.
Adamus (Hero)
Registered: 07/06/07 23:36
Posts: 56

Posted: 31 Jan 2008 22:58    Subject:

These are the GMER logs:

http://www.freefilehosting.net/download/3b9ic
http://www.freefilehosting.net/download/3b9id

With DelDomains I follow the steps requested, but nothing seems to happen.
Is it a program like GMER or similar?
Bye and thanks
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 31 Jan 2008 23:52    Subject:

No, DelDomains just changes a few keys in the registry, that's all.
The only thing you notice is the prompt asking permission to add entries to the registry.
Adamus (Hero)
Registered: 07/06/07 23:36
Posts: 56

Posted: 03 Feb 2008 01:17    Subject:

Quote:
When it's done, post the result here together with an updated HijackThis log. Also have a look at this thread about ComboFix and scan the PC, posting the result as described there.

Here is the ComboFix log too:

ComboFix 08-02.03.1 - Utente 2008-02-02 23.18.31.1 - NTFSx86
Eseguito da: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((( Files Creati Da 2008-01-02 al 2008-02-02 )))))))))))))))))))))))))))))))))))
.

2008-01-22 23:08 . 2008-02-02 18:05 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-22 23:08 . 2008-01-22 23:08 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-21 23:09 . 2008-01-21 23:09 <DIR> d-------- C:\Programmi\Sunbelt Software
2008-01-07 15:12 . 2008-01-07 15:12 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\Bitdefender
2008-01-07 15:12 . 2008-02-02 23:31 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-01-07 15:06 . 2008-01-07 15:06 <DIR> d-------- C:\Programmi\Softwin
2008-01-07 15:06 . 2008-01-07 15:07 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Dati applicazioni\BitDefender
2008-01-07 15:04 . 2008-01-07 15:06 <DIR> d-------- C:\Programmi\File comuni\Softwin
2008-01-05 23:48 . 2008-01-05 23:49 <DIR> d-------- C:\Documents and Settings\Utente\Dati applicazioni\kantaris
2008-01-05 23:40 . 2008-01-05 23:40 <DIR> d-------- C:\videooutput
2008-01-05 23:40 . 2008-01-05 23:40 <DIR> d-------- C:\Programmi\Smallvideosoft
2008-01-05 23:40 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\NCMedia.dll
2008-01-05 23:40 . 2007-03-07 00:45 3,086,336 --a------ C:\WINDOWS\system32\flvvideo.dll
2008-01-05 23:40 . 2006-11-01 14:52 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-01-05 23:40 . 2007-02-25 15:36 383,238 --a------ C:\WINDOWS\system32\libmp3lame-0.dll
2008-01-05 23:38 . 2008-01-05 23:39 <DIR> d-------- C:\Programmi\Kantaris
2008-01-03 20:02 . 1997-07-06 15:14 28,160 --a------ C:\WINDOWS\SFMAN32.DLL
2008-01-03 19:58 . 1996-10-15 18:01 298,496 --a------ C:\WINDOWS\uninst.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-28 19:24 --------- d-----w C:\Programmi\eMule
2008-01-22 22:07 --------- d-----w C:\Programmi\QuickTime
2008-01-22 22:07 --------- d-----w C:\Programmi\iTunes
2008-01-10 13:13 --------- d-----w C:\Programmi\Lexmark X1100 Series
2008-01-06 22:15 --------- d-----w C:\Programmi\Spyware Terminator
2007-12-27 19:58 36,096 ----a-w C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2007-12-17 20:31 --------- d-----w C:\Programmi\RogueRemover FREE
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2006-01-08 10:15 24,192 ----a-w C:\Documents and Settings\Antonio\usbsermptxp.sys
2006-01-08 10:15 22,768 ----a-w C:\Documents and Settings\Antonio\usbsermpt.sys
2004-12-12 13:28 83 ----a-w C:\Programmi\RobotError.log
2003-05-23 08:21 271 --sh--w C:\Programmi\desktop.ini
2003-05-23 08:21 22,075 ---ha-w C:\Programmi\folder.htt
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2008-01-06 23:13 14348]
"Diagnostica SpeedTouch USB"="C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" [2002-05-03 09:40 4341760]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-11-02 18:36 267048]
"BDMCon"="C:\Programmi\Softwin\BitDefender10\bdmcon.exe" [2007-04-02 16:48 290816]
"BDAgent"="C:\Programmi\Softwin\BitDefender10\bdagent.exe" [2007-03-26 15:49 69632]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 14:39 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Service"= C:\WINDOWS\system32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"MsnMsgr"="C:\Programmi\MSN Messenger\MsnMsgr.Exe" /background
"Advanced Uninstaller PRO Installation Monitor"="C:\Programmi\Innovative Solutions\Advanced Uninstaller PRO - Version 8\monitor.exe"
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
"creative ball"=C:\DOCUME~1\Utente\DATIAP~1\4LINK~1\heckfrag.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"modonltm"="c:\windows\system32\modonltm.exe"
"Lexmark X1100 Series"="C:\Programmi\Lexmark X1100 Series\lxbkbmgr.exe"
"LanguageShortcut"=C:\Programmi\CyberLink\PowerDVD\Language\Language.exe
"RemoteControl"=C:\Programmi\CyberLink\PowerDVD\PDVDServ.exe
"SoundMan"=soundman.exe
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" -atboottime
"UnlockerAssistant"="C:\Programmi\Unlocker\UnlockerAssistant.exe"
"Uninstall_CToolbar"="C:\WINDOWS\Temp\CTun.exe" "/remove"
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe"

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 10:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 10:21]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2007-09-15 23:54]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2002-01-08 07:14]
S3 PAC207;Trust WB-1400T Webcam;C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 11:29]
S3 pwalker;Process Walker Driver;C:\DOCUME~1\Utente\IMPOST~1\Temp\nsh6.tmp\pwalker.sys []
S3 RegGuard;RegGuard;C:\WINDOWS\system32\Drivers\regguard.sys [2007-06-10 22:05]
S4 a2AntiDialer;a-squared Anti-Dialer Service;C:\Programmi\a-squared Anti-Dialer\a2service.exe [2007-06-26 22:58]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-02 13:09:45 C:\WINDOWS\Tasks\zpzzoa.job"
- c:\windows\system32\svcbkubj.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-02 23:32:11
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-02-02 23.39.04

And this is the HijackThis v2.0.0 log:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 0.05.19, on 03/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Programmi\CyberLink\Shared files\RichVideo.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Softwin\BitDefender10\vsserv.exe
C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Utente\Desktop\sicurezza\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SpywareTerminator] "C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [Diagnostica SpeedTouch USB] "C:\Programmi\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Programmi\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Programmi\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\system32.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Programmi\MP3 Player Utilities 3.76\AMVConverter\grab.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Programmi\MP3 Player Utilities 3.76\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7940FED-AEED-47B7-A7BA-B50A80EFBA1A}: NameServer = 85.37.17.8 85.38.28.73
O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Programmi\File comuni\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Programmi\File comuni\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Programmi\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: Spyware Terminator Clam Service (sp_clamsrv) - Crawler.com - C:\Programmi\WinClamAVShield\sp_clamsrv.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Programmi\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Programmi\File comuni\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6619 bytes

Do I need to do anything else?
About 10 days ago I also installed Sunbelt Personal Firewall (on top of the mountain of stuff I already have, which never seems to be any use...)
and for a few days everything seems quiet, but I'm not convinced.
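The ComboFix and HijackThis logs in the post above are the raw material a helper reads by hand; the entries they go to first are the autorun under `Policies\Explorer\Run`, a file called `system32.exe` sitting directly in `C:\WINDOWS`, the `AppInit_DLLs` value ComboFix disabled, and the per-interface `NameServer` setting. As an added example (not part of the thread, and not HijackThis's or ComboFix's own code), the triage below runs those same checks over a handful of lines copied from the two logs. The heuristics, the `SYSTEM_DIR_NAMES` list and the wording of the findings are assumptions of this example; a flagged entry is a review item, not a verdict.

```python
import re

# Constructed sample: a few lines copied from the HijackThis and ComboFix logs
# posted in this thread, embedded so the triage runs offline.
HIJACKTHIS_SAMPLE = r'''
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Service] C:\WINDOWS\system32.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7940FED-AEED-47B7-A7BA-B50A80EFBA1A}: NameServer = 85.37.17.8 85.38.28.73
'''

COMBOFIX_SAMPLE = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"Service"= C:\WINDOWS\system32.exe
'''

# HijackThis O4 line: "O4 - <hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r'^O4 - (?P<hive>\S+?)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
O17_RE = re.compile(r'^O17 - .*NameServer = (?P<servers>.+)$')
# ComboFix registry dump: "[<key>]" sections followed by "<name>"=<value> lines
SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<val>.+)$')

# Assumption of this example: Windows has no legitimate executable that borrows
# the name of one of these directories and sits directly under C:\WINDOWS.
SYSTEM_DIR_NAMES = {'system32', 'system', 'syswow64'}


def command_path(cmd):
    """Strip surrounding quotes and trailing arguments from a Run-key command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.find('"', 1)]
    return cmd.split(' ')[0]


def triage_hijackthis(text):
    """Return (item, value, reason) findings for the O4 and O17 lines of a HijackThis log."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            path = command_path(m.group('cmd'))
            stem = path.rsplit('\\', 1)[-1].lower()
            if 'policies\\explorer\\run' in m.group('key').lower():
                findings.append(('O4', path, 'autorun under Policies\\Explorer\\Run: rarely used by legitimate software'))
            if stem.endswith('.exe') and stem[:-4] in SYSTEM_DIR_NAMES:
                findings.append(('O4', path, 'executable named after a system directory'))
            continue
        m = O17_RE.match(line)
        if m:
            findings.append(('O17', m.group('servers'), 'per-interface DNS servers: confirm they belong to the ISP'))
    return findings


def triage_combofix(text):
    """Return (item, value, reason) findings for the registry section of a ComboFix log."""
    findings = []
    key = ''
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            key = m.group('key').lower()
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, val = m.group('name'), command_path(m.group('val'))
        if name.lower() == 'appinit_dlls' and val:
            # AppInit_DLLs is loaded into every process that links user32.dll
            findings.append(('AppInit_DLLs', val, 'DLL injected into every user32-linked process: verify it'))
        elif key.endswith('policies\\explorer\\run'):
            findings.append(('Policies\\Explorer\\Run', val, 'autorun under policies key: rarely used by legitimate software'))
    return findings


if __name__ == '__main__':
    for item, value, reason in triage_hijackthis(HIJACKTHIS_SAMPLE) + triage_combofix(COMBOFIX_SAMPLE):
        print(f'{item:24} {value:45} {reason}')
```

On the sample it stays silent for avast!, iTunesHelper and ctfmon, and raises `C:\WINDOWS\system32.exe` twice (once for the policies key it is registered under, once for its name), `sockspy.dll` once, and the two DNS servers as a verification item. That matches what the helpers in the thread did by eye: the entry worth chasing was the one HijackThis printed at line O4 under `Policies\Explorer\Run`, which the otherwise clean-looking Run keys around it made easy to miss.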