Olimpo Informatico

[Zodiac]

salve ragazzi
stamattina all'accensione del pc ho notato che nella barra in basso a destra(quella dove è posta anche l'ora),oltre ai soliti simboli di avast,connessione ect sono comparsi 2 nuovi simboli mai visti di attenzione(uno è un cerchio rosso con X bianca e l'altro il classico triangolo giallo con punto esclamativo).dopo poco avast mi segnala un worm e lo elimino.la cosa strana però è che da una delle 2 icone comincia ad uscire uno strano messaggio(eccolo nel dettaglio):



ed all'improvviso invece ne compare un'altro:





il bello è che tutte e 3 le icone rimandano ad un sito che consiglia di scarica un potente spyware...........ma nn mi sono fidato poichè se fosse di casa microsoft mi rimanderebbe ad un suo sito,invece mi rimanda a questo sito:

http://gomyhit.com/MTk2NTQ=/2/6411/an024l6/

strano,nn trovate?volevo quindi il vostro parere dato che questo messaggio diventa insistente e rompe le scatole ciclicamente ogni minuto senza la possibilità di stopparlo.ho quindi pensato ad un bel malwere.a voi l'arduo giudizio nonchè aiuto^^

[Sante62]

Ciao Zodiac
Guarda questa discussione
relativa a RogueRemover e Combofix, scaricali entrambi e fai la scansione del PC postando il risultato come indicato. Alla fine, posta anche un log di Hijackthis seguendo queste istruzioni

[Zodiac]

grazie sante^^.mi appresto pian piano a far tutto:
login combo:

ComboFix 08-02.05.3 - Guido 2008-02-10 14.28.12.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.679 [GMT 1:00]
Eseguito da: C:\Documents and Settings\Guido\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - svchost.exe: deleted 68 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\Temp\2671343060.exe
C:\WINDOWS\Temp\3041687684.exe

----- BITS: Possible infected sites -----

hxxp://msgr.dlservice.microsoft.com
.
((((((((((((((((((((((((( Files Creati Da 2008-01-10 al 2008-02-10 )))))))))))))))))))))))))))))))))))
.

2008-02-10 13:01 . 2008-02-10 13:01 20,480 --a------ C:\WINDOWS\r-k.exe
2008-02-10 11:10 . 2008-02-10 11:10 15,872 --a------ C:\WINDOWS\system32\drvbew.dll
2008-02-09 10:45 . 2008-02-09 10:45 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 10:45 . 2008-02-09 10:45 24,576 --a------ C:\WINDOWS\system32\winkve32.dll
2008-02-09 10:45 . 2008-02-09 10:45 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-18 20:40 . 2008-01-18 20:40 <DIR> d-------- C:\WINDOWS\nview
2008-01-18 20:40 . 2008-01-18 20:40 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-01-17 13:28 . 2008-01-18 20:39 <DIR> d-------- C:\Programmi\CCleaner
2008-01-14 22:02 . 2008-01-14 22:02 <DIR> d-------- C:\WINDOWS\nview(2)
2008-01-14 22:02 . 2008-02-10 13:01 165,585 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-14 22:02 . 2007-12-05 01:41 17,737 --a------ C:\WINDOWS\system32\nvdisp.nvu

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-10 11:27 --------- d-----w C:\Programmi\NoAdware4
2008-02-10 10:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-10 10:36 --------- d-----w C:\Programmi\Spybot - Search & Destroy
2008-02-09 13:20 --------- d-----w C:\Documents and Settings\Guido\Application Data\teamspeak2
2008-02-05 11:09 --------- d-----w C:\Programmi\Lineage 2
2008-02-02 23:30 --------- d-----r C:\Programmi\eMule
2008-01-17 13:05 --------- d-----w C:\Programmi\Microsoft AntiSpyware
2008-01-17 13:05 --------- d-----w C:\Programmi\ewido anti-malware
2008-01-10 21:41 --------- d-----w C:\Programmi\The All-Seeing Eye
2003-11-29 21:07 488 -c--a-w C:\Programmi\INSTALL.LOG
.

((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 143,360 2003-05-05 07:57:30 C:\Programmi\Analog Devices\SoundMAX\bak\SMTray.exe
-c--a-w 143,360 2003-05-05 06:57:30 C:\Programmi\Analog Devices\SoundMAX\SMTray.exe

-c--a-w 692,224 2006-04-28 16:08:36 C:\Programmi\Creative\Sync Manager Unicode\bak\CTSyncU.exe

-c--a-w 180,312 2004-12-21 22:29:58 C:\Programmi\Executive Software\Diskeeper\bak\DkIcon.exe
----a-w 180,312 2004-12-21 21:29:58 C:\Programmi\Executive Software\Diskeeper\DkIcon.exe

-c--a-w 180,269 2005-06-02 11:46:50 C:\Programmi\File comuni\Real\Update_OB\bak\realsched.exe

-c--a-w 473,928 2005-07-12 13:35:18 C:\Programmi\Microsoft AntiSpyware\bak\gcasServ.exe

----a-w 98,304 2006-12-14 21:29:16 C:\Programmi\QuickTime\bak\qttask.exe

-c--a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-08-19 13:39:36 C:\WINDOWS\system32\ctfmon.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"AdobeUpdater"="C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe" [2007-11-17 00:53 2321600]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Programmi\QuickTime\bak\qttask.exe" [2006-12-14 22:29 98304]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-04-30 16:42 75392]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-03-23 12:20 227328]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 11:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 11:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 11:22 86016]
"DiskeeperSystray"="C:\Programmi\Executive Software\Diskeeper\DkIcon.exe" [2004-12-21 22:29 180312]
"Acrobat Assistant 8.0"="C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 23:24 620152]
"MSDisp32"="C:\WINDOWS\system32\drvbew.dll" [2008-02-10 11:10 15872]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 14:39 15360]
"Nokia.PCSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2007-03-27 14:58 1744896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"AllowLegacyWebView"= 1 (0x1)
"AllowUnhashedWebView"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=MsgPlusLoader.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ :\WINDOWS\syste

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\2kadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\9xadiras]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
C:\Programmi\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CloneCDTray]
--a--c--- 2001-11-28 16:12 49152 C:\Programmi\Elaborate Bytes\CloneCD\CloneCDTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ElbyCheckElbyCDFL]
--a--c--- 2001-12-03 16:14 45056 C:\Programmi\Elaborate Bytes\CloneCD\ElbyCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EssSpkPhone]
-ra--c--- 2001-10-19 09:49 49152 C:\WINDOWS\essspk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 08:38 241664 C:\Programmi\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2004-02-18 18:55 49152 C:\Programmi\Hewlett-Packard\HP Software Update\HPWuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
--a--c--- 2004-03-04 16:46 172032 C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2002-09-12 18:13 1101824 C:\Programmi\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\licli]


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MessengerPlus3]
--a------ 2006-05-02 11:10 190024 C:\Programmi\MessengerPlus! 3\MsgPlus.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 17:24 1694208 C:\Programmi\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 C:\Programmi\MSN Messenger\MsnMsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a--c--- 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Programmi\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
--a--c--- 2003-05-05 07:57 143360 C:\Programmi\Analog Devices\SoundMAX\Smtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
C:\Programmi\File comuni\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a--c--- 2004-12-20 19:41 33792 C:\Programmi\Winamp\winampa.exe

R0 BsStor;InCD Storage Helper Driver;C:\WINDOWS\system32\DRIVERS\bsstor.sys [2002-06-06 00:07]
R1 ewido security suite driver;ewido security suite driver;C:\Programmi\ewido anti-malware\guard.sys [2005-12-30 12:12]
R1 stltrack;stltrack;C:\WINDOWS\system32\drivers\stltrack.sys [1998-09-14 10:38]
S3 adxapie;adxapie;C:\WINDOWS\TEMP\adxapie.sys []
S3 ids00026;ids00026;C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Anti-Virus Personal\5.0\bases\ids00026.sys []
S4 BsUDF;InCD UDF Driver;C:\WINDOWS\system32\drivers\BsUDF.sys [2002-09-13 13:35]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-10 14:32:37
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 1

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\winkve32.dll
.
Ora fine scansione: 2008-02-10 14.34.09
ComboFix-quarantined-files.txt 2008-02-10 13:33:23
.
2007-08-27 11:47:47 --- E O F ---

[Zodiac]

rogue remover mi ha fatto i complimenti ,dicendomi che non ho nulla,ed infatti dopo la scansione con combo le due icone pallose e il messaggio sono spariti^^.

[Zodiac]

Logfile of HijackThis v1.99.1
Scan saved at 14:46, on 2008-02-10
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Programmi sicurezza pc\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O1 - Hosts: 89.186.66.247 L2authd.lineage2.com
O1 - Hosts: 89.186.66.247 L2testauthd.lineage2.com
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {259F616C-A300-44F5-B04A-ED001A26C85C} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\bak\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Programmi\Executive Software\Diskeeper\DkIcon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Programmi\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSDisp32] rundll32.exe C:\WINDOWS\system32\drvbew.dll,startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Programmi\File comuni\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSNAgent] C:\WINDOWS\TEMP\win21.exe
O8 - Extra context menu item: Aggiungi a PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti destinazione link in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti destinazione link in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Converti i link selezionati in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converti i link selezionati in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converti in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in Adobe PDF - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converti selezione in file PDF esistente - res://C:\Programmi\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: Organizzatore ricerche - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Programmi\File comuni\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra button: (no name) - SolidConverterPDF - (no file) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Basic) - http://www.meadroid.com/scriptx/ScriptX.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BE95BB03-FFC7-47C3-9CD6-924B80281A17}: NameServer = 193.70.152.15 193.70.152.25
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: WgaLogon - WgaLogon.dll (file missing)
O20 - Winlogon Notify: winkve32 - C:\WINDOWS\
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Programmi\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Programmi\ewido anti-malware\ewidoctrl.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programmi\File comuni\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe

[Zodiac]

e te pareva -.-''
ho riavviato il pc dopo tutta questa serie di procedure per refreshare un pò e indovinate?sono ricomparsi tutti sti messagini!
però è starno che rogueremover mi dica che nonostante tutto il pc è pulito .
spero che non debba ogni volta avviare combofix.....
che dite?come mai ciò che avevo risolto dopo il riavvio è tornato?come posso eliminarlo definitivamente?

[Zodiac]

ho provato a riutilizzare i 2 programmi sopra consigliati,ma stavolta combo nonostante lo scan non ha risolto il problema a differenza di quanto successo col primo scan dove aveva pulito tutto.
rogue come al solito dava tutto pulito ma evidentemente così non era.
cmq ora ho provato ad usare un punto di ripristino di 4 giorni fa:all'avvio quei messaggi non ci sono più.pensate abbia fatto bene e abbia risolto o torneranno?si accettano consigli

[Sante62]

C'è qualcosa che lo ricrea....
Scarica Virit
Aggiornalo mediante l'icona della parabola posta nella barra in alto e fagli fare la scansione completa del PC.
Fai in modo che rimuova automaticamente i file infetti trovati.
Non dimenticare di disattivare momentaneamente il tuo antivirus.
Incolla poi quì il risultato. Successivamente fai girare anche Norman Malware Cleaner
disattiva il ripristino di sistema e avvia il PC in modalità provvisoria
Avvia Norman Malware Cleaner.
Viene generato un log sul desktop chiamandolo NFix_2008-01-gg_hh-mm-ss.log, alla fine della scansione postalo qui.