Lukino24 (Semidio)
Registered: 20/02/08 17:07
Posts: 212

Posted: 20 Feb 2008 18:32    Subject: Unable to remove a malware (ciod.dll)

Good morning. I've caught a nasty virus and I can't remove it.
I have Windows XP (SP2), up to date, and at the moment the antivirus and anti-spyware installed on my PC are:



To remove it I have already tried:

AVG
avast!
BitDefender (online)
Spybot (which doesn't even detect it)
Ad-Aware
AVG Anti-Spyware (which doesn't detect it)
AVG Anti-Rootkit (doesn't detect it, but it has never detected anything ^^')
I also tried from the DOS prompt in Safe Mode, but it always gives me "access denied".

The virus is:
O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
 
Here's a log:
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 15.57.41, on 26/01/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\WINDOWS\Explorer.EXE
 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE
 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
 C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
 C:\Programmi\WinZip\WZQKPICK.EXE
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Programmi\Internet Explorer\iexplore.exe
 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
 C:\Documents and Settings\Utente\Desktop\backup\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://as.starware.com/dp/search?produc ... google.it/ (obfuscated)
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 R3 - URLSearchHook: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
 O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: Yahoo! Toolbar con blocco Pop-Up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
 O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_S80.tmp" /EF "HKLM"
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: (no name) - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.cercasulweb.com/" (file missing)
 O9 - Extra 'Tools' menuitem: cerca sul web - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.cercasulweb.com/" (file missing)
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: sesso - {2B44FD33-B048-4B2B-88D5-4B80AB018F29} - C:\WINDOWS\system32\sesso (file missing)
 O9 - Extra button: cerca sul web - {810B72CB-566A-409B-B6A3-31F720C16FAE} - C:\WINDOWS\system32\cerca sul web (file missing)
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.sexy-nipples.com/link1" (file missing)
 O9 - Extra 'Tools' menuitem: videochats - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.sexy-nipples.com/link1" (file missing)
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: InstallareKazaa - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Utente\Dati applicazioni\InstallareKazaa[1].exe (file missing)
 O9 - Extra button: videochats - {F4445FEB-6D20-47CB-9ACF-9D142A7F680A} - C:\WINDOWS\system32\videochats (file missing)
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra button: (no name) - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - javascript:window.location.href="http://www.sexy-nipples.com/link2" (file missing)
 O9 - Extra 'Tools' menuitem: sesso - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - javascript:window.location.href="http://www.sexy-nipples.com/link2" (file missing)
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O24 - Desktop Component 0: (no name) - http://img.youtube.com/vi/ET3N30eNo_A/2.jpg
 
 --
 End of file - 9443 bytes
 
 
P.S.: If you could give me a hand removing all the other junk too I'd be grateful, I can't manage it.

Hi everyone and have a good day!
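A way to triage the O2/O3/O9 lines of a HijackThis log like the one above, as an added example for this thread (it is not part of the original post and not HijackThis code). It parses the `Section - Kind: Name - {CLSID} - Target` format HijackThis prints and flags the patterns a helper looks for when reading such a log: entries with no display name, entries whose file is gone, IE buttons that only navigate to a URL, and system32 targets that are not module names. The flag names and heuristics are the example's own; the sample lines are copied from the log above.

```python
"""Triage of HijackThis O2 / O3 / O9 lines.

Added example for this thread; not HijackThis code and not from the
original poster. The flag names and heuristics are this example's own.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# HijackThis prints these sections as:
#   O2 - BHO: <name> - {CLSID} - <path | (no file)>
#   O3 - Toolbar: <name> - {CLSID} - <path>
#   O9 - Extra button: <name> - {CLSID} - <path | javascript:... | ... (file missing)>
ENTRY_RE = re.compile(
    r"^(?P<section>O[239]) - (?P<kind>[^:]+): (?P<name>.+?) - "
    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<target>.*)$"
)
MODULE_EXT = (".dll", ".exe", ".ocx")


@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: str
    target: str
    flags: List[str] = field(default_factory=list)


def triage(line: str) -> Optional[Entry]:
    """Parse one log line; return None for sections this example ignores."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    e = Entry(m["section"], m["kind"], m["name"], m["clsid"].upper(), m["target"])
    t = e.target
    if e.name == "(no name)":
        e.flags.append("unnamed")        # legitimate add-ons register a display name
    if t == "(no file)" or t.endswith("(file missing)"):
        e.flags.append("orphan")         # registry entry outlived its file: safe to fix
    if t.lower().startswith("javascript:"):
        e.flags.append("js-url")         # IE button that only navigates to a URL
    path = t.replace(" (file missing)", "").lower()
    if re.match(r"^[a-z]:\\windows\\system32\\[^\\]+$", path):
        base = path.rsplit("\\", 1)[1]
        if not base.endswith(MODULE_EXT):
            e.flags.append("system32-no-ext")       # "system32\sesso" is not a module
        elif e.section == "O2" and e.name == "(no name)":
            e.flags.append("unnamed-system32-dll")  # anonymous BHO dropped in system32
    return e


def triage_log(text: str) -> List[Entry]:
    """Return only the entries that picked up at least one flag, in log order."""
    out = []
    for line in text.splitlines():
        e = triage(line)
        if e is not None and e.flags:
            out.append(e)
    return out


# Lines copied from the HijackThis log posted above (sample input, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O9 - Extra button: (no name) - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.cercasulweb.com/" (file missing)
O9 - Extra button: sesso - {2B44FD33-B048-4B2B-88D5-4B80AB018F29} - C:\WINDOWS\system32\sesso (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE_LOG):
        print(f"{e.section} {{{e.clsid}}} {e.name!r:12} {', '.join(e.flags):28} {e.target}")
```

Running it on the excerpt reports the two anonymous BHOs, the javascript: button and the `system32\sesso` button, and leaves the Yahoo, EPSON and Messenger entries alone; an entry flagged only `orphan` is a leftover registry key, while `unnamed-system32-dll` with the file still present is the case the rest of this thread is about.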

Sante62 (Dio maturo)
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 20 Feb 2008 20:55

Hi Lukino24 and welcome... Start HJT, tick these lines on the left and then click Fix Checked, answering yes:

Quote:
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
O9 - Extra button: (no name) - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.cercasulweb.com/" (file missing)
O9 - Extra 'Tools' menuitem: cerca sul web - {16930DCA-0910-4C00-86FF-0C73872D4ABA} - javascript:window.location.href="http://www.cercasulweb.com/" (file missing)
O9 - Extra button: sesso - {2B44FD33-B048-4B2B-88D5-4B80AB018F29} - C:\WINDOWS\system32\sesso (file missing)
O9 - Extra button: cerca sul web - {810B72CB-566A-409B-B6A3-31F720C16FAE} - C:\WINDOWS\system32\cerca sul web (file missing)
O9 - Extra button: (no name) - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.sexy-nipples.com/link1" (file missing)
O9 - Extra 'Tools' menuitem: videochats - {A2199168-22AC-44A3-BA5F-8A83E693FEBF} - javascript:window.location.href="http://www.sexy-nipples.com/link1" (file missing)
O9 - Extra button: InstallareKazaa - {EF6D6AE3-2625-40D6-A5AB-920DFD2DAF8C} - C:\Documents and Settings\Utente\Dati applicazioni\InstallareKazaa[1].exe (file missing)
O9 - Extra button: videochats - {F4445FEB-6D20-47CB-9ACF-9D142A7F680A} - C:\WINDOWS\system32\videochats (file missing)
O9 - Extra button: (no name) - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - javascript:window.location.href="http://www.sexy-nipples.com/link2" (file missing)
O9 - Extra 'Tools' menuitem: sesso - {FF55FC7B-F2EB-4F50-9409-2F726DD0E112} - javascript:window.location.href="http://www.sexy-nipples.com/link2" (file missing)

Reboot the PC and post a new HJT log;
run ComboFix following this thread;
also run a scan with GMER.
Remember that there are two GMER logs: Autostart and Rootkit. Post them on www.freefilehosting.net as indicated here;
also install a firewall as soon as possible, choosing one via this thread.

Lukino24 (Semidio)

Posted: 22 Feb 2008 17:15

Done! Thanks for the help!


Let's start with HJT
 
 Logfile of Trend Micro HijackThis v2.0.0 (BETA)
 Scan saved at 16.10.12, on 22/02/2008
 Platform: Windows XP SP2 (WinNT 5.01.2600)
 Boot mode: Normal
 
 Running processes:
 C:\WINDOWS\System32\smss.exe
 C:\WINDOWS\system32\winlogon.exe
 C:\WINDOWS\system32\services.exe
 C:\WINDOWS\system32\lsass.exe
 C:\WINDOWS\system32\svchost.exe
 C:\WINDOWS\System32\svchost.exe
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\WINDOWS\system32\spoolsv.exe
 C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\svchost.exe
 C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe
 C:\WINDOWS\system32\ctfmon.exe
 C:\Programmi\Messenger\msmsgs.exe
 C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe
 C:\WINDOWS\explorer.exe
 C:\WINDOWS\system32\wscntfy.exe
 C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 C:\Documents and Settings\Utente\Desktop\backup\HiJackThis_v2.exe
 
 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
 O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
 O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
 O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
 O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programmi\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
 O4 - HKLM\..\Run: [AzMixerSel] C:\Programmi\Realtek\InstallShield\AzMixerSel.exe
 O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
 O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
 O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
 O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
 O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
 O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe"
 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
 O4 - HKCU\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background
 O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
 O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
 O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
 O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
 O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
 O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
 O4 - Global Startup: BTTray.lnk = ?
 O4 - Global Startup: WinZip Quick Pick.lnk = C:\Programmi\WinZip\WZQKPICK.EXE
 O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
 O8 - Extra context menu item: Invia a periferica &Bluetooth... - C:\Programmi\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
 O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
 O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
 O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
 O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
 O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
 O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
 O22 - SharedTaskScheduler: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
 O22 - SharedTaskScheduler: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
 O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
 O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
 O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
 O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
 O24 - Desktop Component 0: (no name) - http://img.youtube.com/vi/ET3N30eNo_A/2.jpg
 
 --
 End of file - 6663 bytes
 
 
 
 Combofix
 
 ComboFix 08-02-22.3 - Utente 2008-02-22 15.33.18.1 - NTFSx86
 Microsoft Windows XP Professional  5.1.2600.2.1252.1.1040.18.454 [GMT 1:00]
Running from: C:\Documents and Settings\Utente\Desktop\ComboFix.exe
* Created a new restore point
 
 WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
 .
 
(((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Brani\BraniOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Brani\BraniOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\BrowserSearch\BrowserSearch.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Button_6\Button_6Options.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Button_6\Button_6Options.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Button_7\Button_7Options.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Button_7\Button_7Options.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Button_8\Button_8Options.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Button_8\Button_8Options.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Configurator\Configurator.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Configurator\Configurator.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\ErrorSearch\ErrorSearchOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Layouts\ToolbarLayout.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Manager\ManagerOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Manager\ManagerOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Radio_IT\Radio_ITOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\RelatedSearch\RelatedSearchOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Ricerca_di_musica\Ricerca_di_musicaOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Scarica\ScaricaOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\Toolbar\TBProductsOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\ToolbarLogo\ToolbarLogoOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\ToolbarSearch\ToolbarSearchOptions.xml.backup
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml
 C:\Documents and Settings\Jacopo\Dati applicazioni\Starware371\TravelSearch\TravelSearchOptions.xml.backup
 C:\Documents and Settings\Utente\ResErrors.log
 
 .
 (((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
 
 .
 -------\LEGACY_FMTR
 
 
(((((((((((((((((((((((((   Files Created from 2008-01-22 to 2008-02-22  )))))))))))))))))))))))))))))))))))
 .
 
 2008-02-22 15:31 . 2008-02-22 15:31	0	--a------	C:\WINDOWS\nsreg.dat
 2008-02-15 18:01 . 2008-02-15 18:01	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\AdobeUM
 2008-02-09 20:19 . 2008-02-09 20:19	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\EPSON
 2008-01-26 17:28 . 2008-02-22 15:08	<DIR>	d--------	C:\Programmi\AdunanzA
 2008-01-26 15:11 . 2008-01-26 15:11	<DIR>	d--------	C:\Programmi\CCleaner
 2008-01-26 15:06 . 2008-01-26 15:06	<DIR>	d--------	C:\Programmi\Spybot - Search & Destroy
 2008-01-26 15:06 . 2008-01-26 15:22	<DIR>	d--------	C:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
 2008-01-26 15:02 . 2008-01-26 15:02	<DIR>	d--------	C:\Programmi\Alwil Software
 2008-01-26 15:02 . 2007-12-04 14:04	837,496	--a------	C:\WINDOWS\system32\aswBoot.exe
 2008-01-26 15:02 . 2004-01-09 10:13	380,928	--a------	C:\WINDOWS\system32\actskin4.ocx
 2008-01-26 15:02 . 2007-12-04 13:54	95,608	--a------	C:\WINDOWS\system32\AvastSS.scr
 2008-01-26 15:02 . 2007-12-04 15:55	94,544	--a------	C:\WINDOWS\system32\drivers\aswmon2.sys
 2008-01-26 15:02 . 2007-12-04 15:56	93,264	--a------	C:\WINDOWS\system32\drivers\aswmon.sys
 2008-01-26 15:02 . 2007-12-04 15:51	42,912	--a------	C:\WINDOWS\system32\drivers\aswTdi.sys
 2008-01-26 15:02 . 2007-12-04 15:49	26,624	--a------	C:\WINDOWS\system32\drivers\aavmker4.sys
 2008-01-26 15:02 . 2007-12-04 15:53	23,152	--a------	C:\WINDOWS\system32\drivers\aswRdr.sys
 2008-01-26 14:13 . 2008-01-26 14:48	<DIR>	d--------	C:\WINDOWS\BDOSCAN8
 2008-01-26 14:07 . 2008-01-26 14:53	<DIR>	d--------	C:\Documents and Settings\Utente\.housecall6.6
 2008-01-23 21:34 . 2008-01-23 21:34	<DIR>	d--------	C:\Documents and Settings\Utente\Dati applicazioni\protezionesoft
 2008-01-23 20:58 . 2008-01-23 20:58	<DIR>	d--------	C:\Documents and Settings\Jacopo\Dati applicazioni\protezionesoft
 2008-01-23 20:52 . 2008-01-26 14:59	<DIR>	d--------	C:\Programmi\ProtezioneSoft
 2008-01-23 20:47 . 2008-01-23 20:47	256,560	--a------	C:\Documents and Settings\Jacopo\Dati applicazioni\setup_it[1].exe
 
 .
 ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 2008-01-28 22:08	---------	d-----w	C:\Programmi\American Conquest - Edizione Oro
 2008-01-26 21:47	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\dvdcss
 2008-01-26 13:54	---------	d-----w	C:\Programmi\ESET
 2008-01-16 21:56	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Messenger Plus!
 2008-01-16 21:49	---------	d-----w	C:\Programmi\Messenger Plus! Live
 2008-01-16 21:33	---------	d-----w	C:\Programmi\Windows Live
 2008-01-16 21:27	---------	d-----w	C:\Programmi\Microsoft SQL Server Compact Edition
 2008-01-16 21:23	---------	dcsh--w	C:\Programmi\File comuni\WindowsLiveInstaller
 2008-01-16 21:23	---------	d-----w	C:\Programmi\Java
 2008-01-16 21:22	---------	d-----w	C:\Programmi\File comuni\Java
 2008-01-16 21:20	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
 2008-01-12 14:34	---------	d-----w	C:\Programmi\Yahoo!
 2008-01-12 11:59	---------	d-----w	C:\Programmi\File comuni\BastioneAntivirus
 2008-01-12 11:36	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\avg7
 2008-01-12 11:35	---------	d-----w	C:\Documents and Settings\Utente\Dati applicazioni\AVG7
 2008-01-12 11:35	---------	d-----w	C:\Documents and Settings\Jacopo\Dati applicazioni\AVG7
 2008-01-12 11:28	---------	d-----w	C:\Documents and Settings\All Users\Dati applicazioni\Office Genuine Advantage
 2008-01-09 14:01	53,248	----a-w	C:\WINDOWS\bdoscandel.exe
 2007-12-26 03:06	---------	d-----w	C:\Programmi\MSXML 4.0
 2007-03-24 16:12	24,192	----a-w	C:\Documents and Settings\Utente\usbsermptxp.sys
 2007-03-24 16:12	22,768	----a-w	C:\Documents and Settings\Utente\usbsermpt.sys
 .
 
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
 .
 .
 REGEDIT4
*Note* empty entries & legit default entries are not shown.
 
 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{89799393-6BF9-4BE3-8213-86F04EED2100}]
 2004-08-30 21:00	84992	--a------	C:\WINDOWS\system32\ciod.dll
 
 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe" [2005-10-28 16:25 94208]
 "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-30 21:00 15360]
 "MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]
 "SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
 
 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
 "AzMixerSel"="C:\Programmi\Realtek\InstallShield\AzMixerSel.exe" [2005-06-11 20:51 53248]
 "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-20 20:58 7581696]
 "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-20 20:58 86016]
 "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
 "SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
 "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
 "EPSON Stylus D78 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.exe" [2006-02-23 05:00 131072]
 
 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
 "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-30 21:00 15360]
 
 C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
 Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
 BTTray.lnk - C:\Programmi\WIDCOMM\Bluetooth Software\BTTray.exe [2006-01-17 10:45:32 618557]
 WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2007-03-22 13:34:52 118784]
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallareKazaa]
C:\Documents and Settings\Utente\Dati applicazioni\InstallareKazaa[1].exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MP3italia]
C:\Documents and Settings\Utente\Dati applicazioni\MP3italia[1].exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Salestart]
 C:\Programmi\File comuni\BastioneAntivirus\stmon.exe
 
 [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
 -r------- 2006-05-16 19:04 2879488 C:\WINDOWS\SkyTel.exe
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
 "EnableFirewall"= 0 (0x0)
 
 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
 "%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
 "C:\\Programmi\\Messenger\\msmsgs.exe"=
 "C:\\Documents and Settings\\Utente\\Desktop\\eMule\\emule.exe"=
 "C:\\Programmi\\iDC++\\iDCPlusPlus.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
 "C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
 "C:\\Programmi\\AdunanzA\\eMule_AdnzA.exe"=
 
 R0 iufuwwhs;iufuwwhs;C:\WINDOWS\system32\drivers\hslorztm.dat []
 R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 05:49]
 
 .
 **************************************************************************
 
 catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
 Rootkit scan 2008-02-22 15:40:55
 Windows 5.1.2600 Service Pack 2 NTFS
 
scanning hidden processes ...
 
scanning hidden autostart entries ...
 
scanning hidden files ...
 
scan completed successfully
hidden files: 0
 
 **************************************************************************
 .
 --------------------- DLLs Loaded Under Running Processes ---------------------
 
 PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
 -> C:\Programmi\WIDCOMM\Bluetooth Software\btkeyind.dll
 .
 ------------------------ Other Running Processes ------------------------
 .
 C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
 C:\Programmi\Alwil Software\Avast4\ashServ.exe
 C:\Programmi\WIDCOMM\Bluetooth Software\bin\btwdins.exe
 C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
 C:\WINDOWS\system32\nvsvc32.exe
 C:\WINDOWS\system32\wscntfy.exe
 .
 **************************************************************************
 .
Completion time: 2008-02-22 15:42:23 - machine was rebooted
 ComboFix-quarantined-files.txt  2008-02-22 14:42:20
 .
 2008-01-09 22:06:44	--- E O F ---
 
 GMER
passo12.txt: http://www.freefilehosting.net/files/3cch7
passo21.txt: http://www.freefilehosting.net/files/3cch8
 
 awf
 awf11.txt
 
P.S.: O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
did not get removed
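The outcome reported in this post (the ticked lines fixed, a reboot, and the ciod.dll BHO back in the new log) is a comparison a helper normally makes by eye. Here it is as an added example in Python; it is not part of the original post and not HijackThis or ComboFix code. `survivors` takes the lines that were ticked in HijackThis and a later log and returns the ones that came back, which is the sign that something still running, or loading earlier, re-registers them. `suspicious_drivers` reads the `R0/R3 name;display;image [timestamp]` driver lines ComboFix prints and flags a driver whose image is not a .sys file or whose timestamp bracket is empty, the shape of the `R0 iufuwwhs` line in the ComboFix log above; the thread does not identify that entry, so the flag is a prompt to look, not a verdict. The heuristics are the example's own and the sample inputs are copied from the logs in this thread.

```python
"""Did the HijackThis fix take?  Added example for this thread (not from the
original posters, not HijackThis or ComboFix code).  Heuristics are the
example's own; the sample lines are copied from the logs posted above."""
import re
from typing import Dict, List


def _norm(line: str) -> str:
    """Collapse runs of whitespace so a copy-pasted fix list matches a fresh log."""
    return " ".join(line.split())


def survivors(fix_list: str, new_log: str) -> List[str]:
    """Lines that were ticked for 'Fix checked' and still appear in a later log.

    A BHO that comes back after its registry key was deleted is being
    re-registered by something that is still running (or loads earlier).
    """
    present = {_norm(l) for l in new_log.splitlines() if l.strip()}
    return [_norm(l) for l in fix_list.splitlines() if l.strip() and _norm(l) in present]


# ComboFix driver/service lines look like:
#   R0 iufuwwhs;iufuwwhs;C:\WINDOWS\system32\drivers\hslorztm.dat []
#   R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 05:49]
# R0 = boot-start, R3 = demand-start; the bracket holds the image's timestamp.
DRIVER_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+?) \[(?P<stamp>[^\]]*)\]$"
)


def suspicious_drivers(combofix_text: str) -> List[Dict[str, object]]:
    """Driver entries worth a second look, each with the reasons it was flagged."""
    found = []
    for line in combofix_text.splitlines():
        m = DRIVER_RE.match(line.strip())
        if not m:
            continue
        reasons = []
        if not m["image"].lower().endswith(".sys"):
            reasons.append("image-not-sys")   # kernel drivers are normally .sys files
        if not m["stamp"]:
            reasons.append("no-timestamp")    # ComboFix printed no file date for the image
        if reasons and m["start"] == "R0":
            reasons.append("boot-start")      # loads before user-mode tools can interfere
        if reasons:
            found.append({"name": m["name"], "image": m["image"], "reasons": reasons})
    return found


# Three of the lines Sante62 told the poster to tick (sample input).
FIX_LIST = r"""
O2 - BHO: (no name) - {5f90c0e3-4c0a-4d54-a8ac-5afe6163a99e} - (no file)
O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
O9 - Extra button: sesso - {2B44FD33-B048-4B2B-88D5-4B80AB018F29} - C:\WINDOWS\system32\sesso (file missing)
"""

# Excerpt of the 22/02/2008 HijackThis log posted above (sample input).
NEW_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
"""

# The two driver lines from the ComboFix log posted above (sample input).
COMBOFIX_DRIVERS = r"""
R0 iufuwwhs;iufuwwhs;C:\WINDOWS\system32\drivers\hslorztm.dat []
R3 nvsmu;nvsmu;C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 05:49]
"""

if __name__ == "__main__":
    for line in survivors(FIX_LIST, NEW_LOG):
        print("still present after fix:", line)
    for d in suspicious_drivers(COMBOFIX_DRIVERS):
        print("driver to examine:", d["name"], d["image"], ", ".join(d["reasons"]))
```

On the excerpts this prints the ciod.dll line as the only survivor and the `iufuwwhs` driver as the only one to examine; the NVIDIA `nvsmu.sys` entry, with a normal extension and a timestamp, is not reported.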

baciami (Semidio)
Registered: 02/09/07 15:40
Posts: 287
Location: toscana

Posted: 22 Feb 2008 18:20

ComboFix removed a lot of stuff for you. Go here and scroll down until you find SuspectFile: http://forum.zeusnews.com/viewtopic.php?p=210548 . Once you've done everything, upload the log here http://www.freefilehosting.net and post it.

baciami (Semidio)

Posted: 22 Feb 2008 18:27

Quote:
P.S.: O2 - BHO: (no name) - {89799393-6BF9-4BE3-8213-86F04EED2100} - C:\WINDOWS\system32\ciod.dll
did not get removed

Try fixing it in Safe Mode... read how here: http://forum.zeusnews.com/viewtopic.php?t=22084

Lukino24 (Semidio)

Posted: 22 Feb 2008 22:49

I had already tried in Safe Mode, but nothing, it doesn't want to go away... Now I'll try SuspectFile, thanks