Zeus News Forums - Virus First Aid (Pronto Soccorso Virus)
Dialer Internet Connection
GX Style (Hero)
Registered: 11/07/07 11:44
Posts: 47

Posted: 06 Feb 2008 16:18    Subject: Dialer Internet Connection

For a long time I have had a new connection in "Connect to...": Internet Connection.

Not knowing what it was, I preferred to leave it alone.

Now, out of curiosity, I searched on Google and found out that it is a dialer. What do I do??

Here is the FindAWF log:


19/10/2007 18.02 5.728.112 MsnMsgr.Exe
1 File 5.728.112 byte
2 Directory 31.378.706.432 byte disponibili
Il volume nell'unità D non ha etichetta.
Numero di serie del volume: 7C5A-2317

Directory di D:\PROGRA~1\BEARSH~1\BAK

0 File 0 byte
2 Directory 89.290.366.976 byte disponibili
Il volume nell'unità D non ha etichetta.
Numero di serie del volume: 7C5A-2317

Directory di D:\PROGRA~1\ITUNES\BAK

11/12/2007 12.10 267.048 iTunesHelper.exe
1 File 267.048 byte
2 Directory 89.290.366.976 byte disponibili
Il volume nell'unità D non ha etichetta.
Numero di serie del volume: 7C5A-2317

Directory di D:\PROGRA~1\TOMTOM~1\BAK

31/10/2007 10.19 378.784 HOMERunner.exe
1 File 378.784 byte
2 Directory 89.290.366.976 byte disponibili
Il volume nell'unità D non ha etichetta.
Numero di serie del volume: 7C5A-2317

Directory di D:\PROGRA~1\NOKIA\NOKIAP~1\BAK

10/12/2007 10.12 695.808 PCSuite.exe
1 File 695.808 byte
2 Directory 89.290.366.976 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

14348 22 Jan 2008 "C:\Programmi\Multimedia Card Reader\shwicon2k.exe"
139264 10 Dec 2004 "C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
5724184 2 Jan 2008 "C:\Programmi\Windows Live\Messenger\msnmsgr.exe"
5728112 19 Oct 2007 "C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe"
102400 3 Feb 2008 "C:\WINDOWS\Installer\{B85C4D19-6CEB-48CF-BD98-C887AC8C6F94}\iTunesIco.exe"
79144 3 Feb 2008 "C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer\Installer Cache\iTunes 7.6.0.29\iTunesSetupAdmin.exe"
267048 15 Jan 2008 "D:\Programmi\iTunes\iTunesHelper.exe"
267048 11 Dec 2007 "D:\Programmi\iTunes\bak\iTunesHelper.exe"
196608 22 Jun 2004 "D:\Programmi\iTunes\iTunes Art Importer\iTunesArtImport.exe"
14348 22 Jan 2008 "D:\Programmi\TomTom HOME 2\HOMERunner.exe"
378784 31 Oct 2007 "D:\Programmi\TomTom HOME 2\bak\HOMERunner.exe"
14348 22 Jan 2008 "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe"
695808 10 Dec 2007 "D:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe"


end of report


Now, is there a risk of hefty phone bills? I should point out that I have ALWAYS connected using my "usual" connection.
GX Style (Hero)
Registered: 11/07/07 11:44
Posts: 47

Posted: 06 Feb 2008 16:24

HijackThis log


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15.23.39, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Windows Media Player\wmplayer.exe
D:\Programmi\eMule\emule.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Documents and Settings\User\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "D:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe

--
End of file - 7682 bytes
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 06 Feb 2008 21:23

Hi GX Style,

Download Avenger and extract it into its own folder, not a temporary one and not on the desktop.

Start AVENGER
Click on "input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
D:\Programmi\TomTom HOME 2\HOMERunner.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe

Files to move:
C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe | C:\Programmi\Multimedia Card Reader\shwicon2k.exe
D:\Programmi\TomTom HOME 2\bak\HOMERunner.exe | D:\Programmi\TomTom HOME 2\HOMERunner.exe
D:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe | D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe

Click on Done
Click on the traffic light
The PC should reboot; if it does not, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.

Download DelDomains and save it to the desktop (right-click on the link > Save target as),
then right-click on the file and choose Install.

Then go to the Kaspersky on-line scanner and run the extended scan, as explained here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post the link you are given here.
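The FindAWF report in the first post and the Avenger script above show the same pattern from two sides: the live autostart executables of three unrelated programs have become identical 14348-byte files while the originals sit in a `bak` subfolder, and the fix deletes the replacements and moves the originals back. The script below is an added example (not a tool from this thread or from the FindAWF/Avenger authors) that parses the "Duplicate files of bak directory contents" section, flags live files whose size differs from their `bak` counterpart and is shared with live files in other directories, and writes the corresponding Avenger-style repair plan; the sample report lines are constructed to mirror the ones posted.

```python
import re
from collections import defaultdict

# Constructed sample mirroring the FindAWF "Duplicate files of bak directory
# contents" section posted in the thread (not the original report file).
SAMPLE_REPORT = r'''
14348 22 Jan 2008 "C:\Programmi\Multimedia Card Reader\shwicon2k.exe"
139264 10 Dec 2004 "C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 19 Aug 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\ashDisp.exe"
79224 4 Dec 2007 "C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe"
5724184 2 Jan 2008 "C:\Programmi\Windows Live\Messenger\msnmsgr.exe"
5728112 19 Oct 2007 "C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe"
267048 15 Jan 2008 "D:\Programmi\iTunes\iTunesHelper.exe"
267048 11 Dec 2007 "D:\Programmi\iTunes\bak\iTunesHelper.exe"
14348 22 Jan 2008 "D:\Programmi\TomTom HOME 2\HOMERunner.exe"
378784 31 Oct 2007 "D:\Programmi\TomTom HOME 2\bak\HOMERunner.exe"
14348 22 Jan 2008 "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe"
695808 10 Dec 2007 "D:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe"
'''

# One report line: <size> <day> <Mon> <year> "<path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+(\d{1,2} \w{3} \d{4})\s+"([^"]+)"\s*$')


def parse_report(text):
    """Return (size, date, path) tuples; lines that are not file entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append((int(m.group(1)), m.group(2), m.group(3)))
    return entries


def split_path(path):
    """Split a Windows path into (directory, file name)."""
    directory, _, name = path.rpartition('\\')
    return directory, name


def pair_with_bak(entries):
    """Pair each live file with the copy of the same name in its own bak subfolder.

    Matching is case-insensitive because the bak copy may keep a different
    capitalisation (MsnMsgr.Exe vs msnmsgr.exe in the posted report).
    """
    live, bak = {}, {}
    for size, date, path in entries:
        directory, name = split_path(path)
        if directory.lower().endswith('\\bak'):
            bak[(directory[:-4].lower(), name.lower())] = (size, date, path)
        else:
            live[(directory.lower(), name.lower())] = (size, date, path)
    return [(live[k], bak[k]) for k in live if k in bak]


def find_awf_replacements(entries):
    """Flag live files that differ in size from their bak original AND share
    their size with live files in at least one other directory: the infection
    drops identical copies of itself over each autostart executable, so a
    same-size pair (ctfmon, ashDisp) or a lone size change (a normal update,
    such as msnmsgr) is left alone."""
    pairs = pair_with_bak(entries)
    dirs_by_size = defaultdict(set)
    for (live_size, _, live_path), _ in pairs:
        dirs_by_size[live_size].add(split_path(live_path)[0].lower())
    flagged = []
    for (live_size, _, live_path), (bak_size, _, bak_path) in pairs:
        if live_size != bak_size and len(dirs_by_size[live_size]) >= 2:
            flagged.append((live_path, bak_path))
    return flagged


def avenger_repair_script(flagged):
    """Render the 'Files to delete' / 'Files to move' plan in the format used
    in the thread: delete the replacement, then move 'bak copy | live path'."""
    lines = ['Files to delete:'] + [live for live, _ in flagged]
    lines += ['', 'Files to move:'] + [f'{bak} | {live}' for live, bak in flagged]
    return '\n'.join(lines)


if __name__ == '__main__':
    print(avenger_repair_script(find_awf_replacements(parse_report(SAMPLE_REPORT))))
```

On the sample the three flagged files are exactly the ones in the script above, and the same-size pairs and the Messenger version change are not reported.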
GX Style (Hero)
Registered: 11/07/07 11:44
Posts: 47

Posted: 07 Feb 2008 15:32

Thanks for the help. Here is the Avenger log:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\uknoqohd

*******************

Script file located at: \??\C:\Documents and Settings\uhmebtbp.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Programmi\Multimedia Card Reader\shwicon2k.exe deleted successfully.
File D:\Programmi\TomTom HOME 2\HOMERunner.exe deleted successfully.
File D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe deleted successfully.
File move operation C:\Programmi\Multimedia Card Reader\bak\shwicon2k.exe|C:\Programmi\Multimedia Card Reader\shwicon2k.exe completed successfully.
File move operation D:\Programmi\TomTom HOME 2\bak\HOMERunner.exe|D:\Programmi\TomTom HOME 2\HOMERunner.exe completed successfully.
File move operation D:\Programmi\Nokia\Nokia PC Suite 6\bak\PCSuite.exe|D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe completed successfully.

Completed script processing.

*******************

Finished! Terminate.


I installed the DelDomains.inf file.

I will run the Kaspersky online scan shortly. Is it normal for it to take so long?
GX Style (Hero)
Registered: 11/07/07 11:44
Posts: 47

Posted: 07 Feb 2008 15:38

Here is the updated HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14.37.56, on 07/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Media Player\wmplayer.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
D:\Programmi\eMule\emule.exe
C:\Programmi\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "D:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe

--
End of file - 8067 bytes

bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 07 Feb 2008 21:13

GX Style wrote:
I will run the Kaspersky online scan shortly. Is it normal for it to take so long?

It depends on how many files you have on the PC.
GX Style (Hero)
Registered: 11/07/07 11:44
Posts: 47

Posted: 08 Feb 2008 19:53

Time taken: 1 hour and 50 minutes. Is that a lot??

Here is the log

http://www.freefilehosting.net/files/3bjki
bdoriano (Administrator)
Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 08 Feb 2008 20:38

Start AVENGER
Click on "input script manually"
Click on the magnifying glass
Enter these lines:
Quote:
Files to delete:
C:\Documents and Settings\User\Impostazioni locali\Temp\1107480560.exe
C:\Documents and Settings\User\Impostazioni locali\Temp\2515472928.exe
C:\Documents and Settings\User\Impostazioni locali\Temp\3185968064.exe
C:\Documents and Settings\User\Impostazioni locali\Temp\597444208.exe
C:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP234\A0089375.exe
C:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP252\A0101336.exe
D:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP247\A0100814.rbf
D:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP252\A0101337.exe
D:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP252\A0101338.exe

Click on Done
Click on the traffic light
The PC should reboot; if it does not, reboot it yourself.
When the operation is finished, post the Avenger result here together with an updated HijackThis log.

To be safe, follow the instructions in this topic to post a ComboFix log.
GX Style (Hero)
Registered: 11/07/07 11:44
Posts: 47

Posted: 09 Feb 2008 13:24

Here is the Avenger log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\rrqfoofn

*******************

Script file located at: \??\C:\o^kcvmfb.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\User\Impostazioni locali\Temp\1107480560.exe deleted successfully.
File C:\Documents and Settings\User\Impostazioni locali\Temp\2515472928.exe deleted successfully.
File C:\Documents and Settings\User\Impostazioni locali\Temp\3185968064.exe deleted successfully.
File C:\Documents and Settings\User\Impostazioni locali\Temp\597444208.exe deleted successfully.
File C:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP234\A0089375.exe deleted successfully.
File C:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP252\A0101336.exe deleted successfully.
File D:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP247\A0100814.rbf deleted successfully.
File D:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP252\A0101337.exe deleted successfully.
File D:\System Volume Information\_restore{9597C540-016B-421C-801A-6711E7AE8E89}\RP252\A0101338.exe deleted successfully.

Completed script processing.

*******************

Finished! Terminate.
GX Style (Hero)
Registered: 11/07/07 11:44
Posts: 47

Posted: 09 Feb 2008 13:24

The updated HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12.24.14, on 09/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Multimedia Card Reader\shwicon2k.exe
C:\Programmi\QuickTime\QTTask.exe
D:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Programmi\PC-TV\WinManager\WinManager.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\Windows Live\Messenger\msnmsgr.exe
C:\Programmi\Mozilla Firefox\firefox.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\Programmi\Windows Media Player\wmplayer.exe
D:\Programmi\eMule\emule.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Programmi\Hijackthis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 212.216.112.112
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BearShare] "D:\Programmi\BearShare\BearShare.exe" /pause
O4 - HKLM\..\Run: [TomTomHOME.exe] "d:\Programmi\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Sunkist2k] C:\Programmi\Multimedia Card Reader\shwicon2k.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Gestione servizi.lnk = C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: WinManager.lnk = C:\Programmi\PC-TV\WinManager\WinManager.exe
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1197804961984
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F673A63-BDBF-4B7B-9693-1ECA9A470115}: NameServer = 85.37.17.8 85.38.28.73
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programmi\File comuni\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programmi\File comuni\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SolidWorks SolidNetWork License Manager - Macrovision Corporation - C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe

--
End of file - 8100 bytes
GX Style
Eroe

Registered: 11/07/07 11:44
Posts: 47

Posted: 09 Feb 2008 13:37    Subject:

Finally, the ComboFix log:

ComboFix 08-02.05.3 - User 2008-02-09 12.29.10.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.835 [GMT 1:00]
Eseguito da: C:\Documents and Settings\User\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com

.
((((((((((((((((((((((((( Files Creati Da 2008-01-09 al 2008-02-09 )))))))))))))))))))))))))))))))))))
.

2008-02-04 19:15 . 2008-02-04 19:15 <DIR> d-------- C:\WINDOWS\SXS
2008-02-04 19:13 . 2008-02-04 19:13 <DIR> d-------- C:\Programmi\Microsoft SQL Server
2008-02-03 10:56 . 2008-02-03 10:56 <DIR> d-------- C:\Programmi\iPod
2008-02-03 10:56 . 2008-02-09 12:32 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-03 10:56 . 2008-02-03 10:57 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-20 20:48 . 2008-01-20 20:48 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-20 20:48 . 2008-01-20 20:48 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-01-19 13:53 . 2008-01-19 13:53 38 --a------ C:\WINDOWS\avisplitter.INI
2008-01-18 21:20 . 2008-01-18 21:20 74,752 --a------ C:\WINDOWS\temp.000
2008-01-14 15:01 . 2008-01-14 15:01 <DIR> d-------- C:\Documents and Settings\User\Dati applicazioni\Media Player Classic
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-07 13:23 --------- d-----w C:\Programmi\Multimedia Card Reader
2008-02-04 18:17 --------- d-----w C:\Programmi\File comuni\Autodesk Shared
2008-02-04 18:14 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Autodesk
2008-02-03 09:55 --------- d-----w C:\Programmi\QuickTime
2008-01-30 13:01 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\SolidWorks
2008-01-28 12:57 --------- d-----w C:\Programmi\File comuni\Adobe
2008-01-22 13:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-01-18 20:20 253,952 ------w C:\WINDOWS\Setup1.exe
2008-01-14 14:17 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\DivX
2008-01-02 19:55 --------- d-----w C:\Programmi\Windows Live
2008-01-02 19:55 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-01-02 19:53 --------- d-----w C:\Programmi\Nokia
2007-12-30 15:52 --------- d-----w C:\Programmi\Microsoft SQL Server Compact Edition
2007-12-30 15:49 --------- dcsh--w C:\Programmi\File comuni\WindowsLiveInstaller
2007-12-28 17:37 --------- d--h--w C:\Programmi\InstallShield Installation Information
2007-12-27 20:37 --------- d-----w C:\Programmi\File comuni\PCSuite
2007-12-27 20:37 --------- d-----w C:\Programmi\File comuni\Nokia
2007-12-27 20:36 --------- d-----w C:\Programmi\PC Connectivity Solution
2007-12-26 14:33 --------- d-----w C:\Programmi\Google
2007-12-25 10:44 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Nokia Multimedia Player
2007-12-24 08:03 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\SimCity Societies
2007-12-23 19:59 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\dvdcss
2007-12-23 18:06 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple Computer
2007-12-23 18:05 --------- d-----w C:\Programmi\File comuni\Apple
2007-12-23 18:05 --------- d-----w C:\Programmi\Apple Software Update
2007-12-23 18:05 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Apple
2007-12-20 18:39 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-16 11:34 --------- d-----w C:\Programmi\Windows Media Bonus Pack for Windows XP
2007-12-13 20:31 --------- d-----w C:\Documents and Settings\User\Dati applicazioni\Ahead
2007-04-05 19:20 87,608 ----a-w C:\Documents and Settings\User\Dati applicazioni\ezpinst.exe
2007-04-05 19:20 47,360 ----a-w C:\Documents and Settings\User\Dati applicazioni\pcouffin.sys
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\bak\ashDisp.exe
----a-w 79,224 2007-12-04 13:00:23 C:\Programmi\Alwil Software\Avast4\ashDisp.exe

----a-w 5,728,112 2007-10-19 17:02:35 C:\Programmi\Windows Live\Messenger\bak\MsnMsgr.Exe
----a-w 5,724,184 2008-01-02 20:02:05 C:\Programmi\Windows Live\Messenger\msnmsgr.exe

----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 12:00:00 C:\WINDOWS\system32\ctfmon.exe

----a-w 267,048 2007-12-11 11:10:26 D:\Programmi\iTunes\bak\iTunesHelper.exe
----a-w 267,048 2008-01-15 02:22:56 D:\Programmi\iTunes\iTunesHelper.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 13:00 15360]
"PC Suite Tray"="D:\Programmi\Nokia\Nokia PC Suite 6\PCSuite.exe" [2007-12-10 10:12 695808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"BearShare"="D:\Programmi\BearShare\BearShare.exe" [ ]
"TomTomHOME.exe"="d:\Programmi\TomTom HOME 2\HOMERunner.exe" [2007-10-31 10:19 378784]
"Sunkist2k"="C:\Programmi\Multimedia Card Reader\shwicon2k.exe" [2004-12-10 11:49 139264]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Programmi\QuickTime\QTTask.exe" [2008-01-10 15:27 385024]
"iTunesHelper"="D:\Programmi\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-19 13:00 15360]
"Nokia.PCSync"="D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-11-07 17:35 1294336]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Gestione servizi.lnk - C:\Programmi\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [2002-12-17 17:23:32 74308]
WinManager.lnk - C:\Programmi\PC-TV\WinManager\WinManager.exe [2007-11-18 13:28:55 61440]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 relog_ap

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Adobe Reader Synchronizer.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Adobe Reader Synchronizer.lnk
backup=C:\WINDOWS\pss\Adobe Reader Synchronizer.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Avvio veloce di Adobe Reader.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Avvio veloce di Adobe Reader.lnk
backup=C:\WINDOWS\pss\Avvio veloce di Adobe Reader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 14:40 155648 C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-10 15:27 385024 C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
-r------- 2006-06-28 07:54 16248320 C:\WINDOWS\RTHDCPL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-r------- 2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe

R1 LUMDriver;LUMDriver;C:\WINDOWS\system32\drivers\LUMDriver.sys [2006-10-13 21:53]
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe [2002-12-17 17:56]
R2 SolidWorks SolidNetWork License Manager;SolidWorks SolidNetWork License Manager;C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\lmgrd.exe [2003-03-26 08:00]
R3 axvbusx;axvbusx;C:\WINDOWS\system32\DRIVERS\axvbusx.sys [2003-01-31 20:43]
R3 axvscsi;axvscsi;C:\WINDOWS\system32\DRIVERS\axvscsi.sys [2003-01-31 20:43]
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Programmi\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE [2002-12-17 17:23]
S3 UDTT7049;DTV-DVB UDTT7049 - USB 2.0 DVB-T Receiver;C:\WINDOWS\system32\Drivers\UDTT7049.sys [2006-06-29 08:58]
S3 UDTT7049HID;UDTT7049HID - HID Driver;C:\WINDOWS\system32\drivers\UDTT7049HID.sys [2006-06-29 03:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{285466f7-7e3b-11dc-b819-00138ff990b8}]
\Shell\AutoRun\command - G:\autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{879b04ba-9db3-11dc-b844-00138ff990b8}]
\Shell\AutoRun\command - G:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{cf82794b-a0da-11dc-b849-00138ff990b8}]
\Shell\AutoRun\command - G:\InstallTomTomHOME.exe


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\ccc-core-static]
msiexec /fums {3CBBEE47-C8F4-316A-92FF-ED7E3DFAE41E} /qb
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-09 12:32:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Documents and Settings\User\Desktop\flexlm\SolidWorks SolidNetWork License Manager\SW_D.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Programmi\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclIrSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Programmi\PC Connectivity Solution\Transports\NclMSBTSrv.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-09 12:35:29 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-09 11:35:26
bdoriano
Amministratore

Registered: 02/04/07 12:05
Posts: 14391
Location: 3rd planet of the solar system...

Posted: 09 Feb 2008 15:14    Subject:

You should be fine now; are you still having any problems?
GX Style
Eroe

Registered: 11/07/07 11:44
Posts: 47

Posted: 10 Feb 2008 11:39    Subject:

bdoriano wrote:
You should be fine now; are you still having any problems?

No, nothing for now... good that way... Thanks bdoriano..... :)