Palommellarossa (Hero)
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 21 Feb 2008 21:54 Subject: They made a fool of me (with myphoto)

Before I kill myself or throw the PC out of the window, I hope you can help me... (and, as we say around here, "may the Madonna repay you for it").
I saved and opened the "myphoto" file/virus from MSN a few days ago.
I have run MSNFix several times; sometimes it found the virus and removed it, other times it didn't.
I'm currently using two antivirus programs... Avast, which keeps giving me trojan warnings... then I used SUPERAntiSpyware, which also keeps finding trojans and worms... same for Spybot.
In theory the virus should have been removed, but I suspect its effects remain.
What should I do?
Thanks

Palommellarossa (Hero)
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 21 Feb 2008 23:57

MSNFix result... in case it's useful...
MSNFix 1.661
C:\MSNFix
Fix effettuato il 21/02/2008 - 22.52.45,25 By Valentina
modalità normale
************************ Cercare i files presenti
... $$ Service Found $$ ... yuoaeye3y
... D:\DOCUME~1\VALENT~1\IMPOST~1\Temp\??.exe
************************ Ricerca le cartelle presenti
Nessuna cartella trovata
************************ Eliminazione dei files
... $$ Service yuoaeye3y deleted ... yuoaeye3y
.. OK ... C:\WINDOWS\system32\waq.exe
.. OK ... C:\WINDOWS\system32\waq.exe
.. OK ... D:\DOCUME~1\VALENT~1\IMPOST~1\Temp\??.exe
************************ Pulizia del Registro
************************ Files sospetti
Nessun files trovato
I files e le chiavi di registro eliminati sono stati salvati nel file 21022008_22.55.3281.zip

bdoriano (Administrator)
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 22 Feb 2008 00:56

Hi Palommellarossa,
Follow the instructions in this topic to post the HijackThis log.
Then follow the instructions in this topic to post the ComboFix log.
PS: if you like, you can introduce yourself here

Palommellarossa (Hero)
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 22 Feb 2008 19:20

Thanks a lot... now I'll see if I can bring the PC back to life!
Of course I'll introduce myself... as soon as I'm out of this crisis... hehehe
And of course, if everything works, I'll sacrifice thousands of (plush) little goats to Zeus

Palommellarossa (Hero)
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 22 Feb 2008 19:27

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.26.49, on 22/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\system32\microsoft32dll.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\winlogon.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\system32\microsoft32dll.exe
C:\APPS\SMP\SmpSys.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pando Networks\Pando\Pando.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Internet Explorer\iexplore.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Valentina\Documenti\programmi\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Programmi\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Programmi\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Programmi\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Programmi\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Programmi\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Microsoft Dll Manager] microsoft32dll.exe
O4 - HKLM\..\RunServices: [rsky] C:\WINDOWS\system32\rsky.exe
O4 - HKLM\..\RunServices: [hmuzd] C:\WINDOWS\system32\hmuzd.exe
O4 - HKLM\..\RunServices: [hppcqe] C:\WINDOWS\system32\hppcqe.exe
O4 - HKLM\..\RunServices: [waq] C:\WINDOWS\system32\waq.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-21-540474020-2071311459-3892815000-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Alfredo')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.it/online/online2/zuma/oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C8BF8E0-4CDA-407A-8134-0F96DF938216}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C8BF8E0-4CDA-407A-8134-0F96DF938216}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C8BF8E0-4CDA-407A-8134-0F96DF938216}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 14488 bytes

Palommellarossa (Hero)
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 22 Feb 2008 19:42

ComboFix 08-02-22.3 - Valentina 2008-02-22 18.30.53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.320 [GMT 1:00]
Eseguito da: D:\Documents and Settings\Valentina\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programmi\WinBudget
C:\Programmi\WinBudget\bin\matrix.dat
C:\WINDOWS\system32\0_exception.nls
C:\WINDOWS\system32\drivers\Cbl64.sys
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\g.exe
C:\WINDOWS\system32\m.exe
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr0.dat
D:\Documents and Settings\All Users\Dati applicazioni\Microsoft\Network\Downloader\qmgr1.dat
----- BITS: Possible infected sites -----
hxxp://au.download.windowsupdate.cõj
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_LANMANDRV
-------\LEGACY_RUNTIME
-------\runtime
((((((((((((((((((((((((( Files Creati Da 2008-01-22 al 2008-02-22 )))))))))))))))))))))))))))))))))))
.
2008-02-22 18:26 . 2008-02-22 18:26 <DIR> d-------- C:\HJT
2008-02-20 22:14 . 2008-02-20 22:14 192,512 --a------ C:\WINDOWS\system32\hxqpymjj.exe
2008-02-20 20:22 . 2008-02-20 20:22 192,512 --a------ C:\WINDOWS\system32\hppcqe.exe
2008-02-20 19:53 . 2008-02-20 19:52 192,512 --a------ C:\WINDOWS\system32\webr.exe
2008-02-20 19:53 . 2008-02-20 19:52 192,512 --a------ C:\WINDOWS\system32\gedaadc.exe
2008-02-20 19:32 . 2008-02-20 19:32 192,512 --a------ C:\WINDOWS\system32\tdhjo.exe
2008-02-20 19:32 . 2008-02-20 19:32 192,512 --a------ C:\WINDOWS\system32\pewbpkmjfau.exe
2008-02-20 18:51 . 2008-02-20 18:50 192,512 --a------ C:\WINDOWS\system32\zlzmup.exe
2008-02-20 18:51 . 2008-02-20 18:51 192,512 --a------ C:\WINDOWS\system32\owyqenqrjges.exe
2008-02-20 18:32 . 2008-02-20 18:31 192,512 --a------ C:\WINDOWS\system32\ifoxuyskk.exe
2008-02-20 18:29 . 2008-02-20 18:29 <DIR> d-------- D:\Documents and Settings\Alfredo\Dati applicazioni\SUPERAntiSpyware.com
2008-02-20 18:13 . 2008-02-20 18:13 192,512 --a------ C:\WINDOWS\system32\xpdcmka.exe
2008-02-20 14:59 . 2008-02-20 14:58 192,512 --a------ C:\WINDOWS\system32\hmuzd.exe
2008-02-20 10:40 . 2008-02-20 10:40 192,512 --a------ C:\WINDOWS\system32\rsky.exe
2008-02-19 22:57 . 2004-09-07 13:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys
2008-02-19 22:25 . 2008-02-19 22:25 <DIR> d-------- D:\Documents and Settings\Valentina\Dati applicazioni\SUPERAntiSpyware.com
2008-02-19 22:25 . 2008-02-19 22:25 <DIR> d-------- D:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-02-19 22:25 . 2008-02-21 22:57 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-02-19 22:25 . 2008-02-19 22:25 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-02-19 11:09 . 2008-02-19 11:09 <DIR> d-------- D:\Documents and Settings\Alfredo\Dati applicazioni\MySpace
2008-02-17 13:09 . 2008-02-17 13:39 <DIR> d-------- D:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-17 13:09 . 2008-02-17 13:10 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-16 23:44 . 2008-02-16 23:44 <DIR> d-------- D:\Documents and Settings\Valentina\Dati applicazioni\MySpace
2008-02-16 23:44 . 2008-02-16 23:44 <DIR> d-------- C:\Programmi\MySpace
2008-02-16 12:52 . 2008-02-22 18:16 21,632 --a------ C:\WINDOWS\system32\drivers\Xqm75.sys
2008-02-15 21:40 . 2008-02-21 22:55 <DIR> d-------- C:\MSNFix
2008-02-15 21:14 . 2008-02-15 21:39 <DIR> d-------- C:\Programmi\MSNFix
2008-02-15 20:09 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-15 20:05 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\gnfvslpiktcj.sys
2008-02-15 19:40 . 2008-02-22 18:36 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-15 19:30 . 2008-02-16 14:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 19:30 . 2008-02-15 19:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 19:30 . 2006-04-03 09:59 128 --a------ C:\WINDOWS\system32\xposer.cfg
2008-02-15 19:30 . 2006-04-03 09:59 128 --a------ C:\WINDOWS\system32\asinst.cfg
2008-02-14 21:06 . 2008-02-14 20:02 79,872 -r-hs---- C:\WINDOWS\system32\microsoft32dll.exe
2008-02-07 19:35 . 2008-02-07 19:35 <DIR> d-------- C:\Programmi\PandoBar
2008-02-07 19:35 . 2008-02-07 19:35 <DIR> d-------- C:\Programmi\Pando Networks
2008-02-03 15:50 . 2008-02-03 15:50 <DIR> d--h----- D:\Documents and Settings\NetworkService.NT AUTHORITY.001\Impostazioni locali
2008-02-03 15:50 . 2008-02-03 15:50 <DIR> d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY.001\Dati applicazioni
2008-02-03 15:50 . 2008-02-03 15:50 <DIR> d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY.001\Impostazioni locali
2008-02-03 15:50 . 2008-02-03 15:50 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.001\Dati applicazioni
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 22:11 --------- d-----w D:\Documents and Settings\Valentina\Dati applicazioni\uTorrent
2008-02-21 15:51 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-02-21 13:49 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-20 14:09 --------- d-----w C:\Programmi\BigFun
2008-02-16 14:25 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-02-16 13:15 --------- d-----w D:\Documents and Settings\Alfredo\Dati applicazioni\Vso
2008-02-15 19:59 --------- d-----w D:\Documents and Settings\Valentina\Dati applicazioni\Vso
2008-02-15 19:01 --------- d-----w C:\Programmi\iTunes
2008-02-15 19:00 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-02-15 19:00 --------- d-----w C:\Programmi\Windows Live Favorites
2008-02-15 19:00 --------- d-----w C:\Programmi\Google
2008-02-03 19:23 --------- d-----w C:\Programmi\eMule
2008-02-03 14:49 --------- d-----w D:\Documents and Settings\Alfredo\Dati applicazioni\uTorrent
2008-02-03 14:48 --------- d-----w C:\Programmi\QuickTime
2008-01-11 05:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:50 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:04 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-01 20:53 60,128 ----a-w D:\Documents and Settings\Valentina\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-07-05 13:46 60,128 ----a-w D:\Documents and Settings\Alfredo\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-04-12 14:46 87,608 ----a-w D:\Documents and Settings\Alfredo\Dati applicazioni\ezpinst.exe
2007-04-12 14:46 47,360 ----a-w D:\Documents and Settings\Alfredo\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}
[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 15:39 975360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 10:22 68856]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"Pando"="C:\Programmi\Pando Networks\Pando\Pando.exe" [2008-02-04 14:59 6051144]
"MySpaceIM"="C:\Programmi\MySpace\IM\MySpaceIM.exe" [2008-02-01 21:32 8699904]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 13:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 23:47 86016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03 310272]
"DetectorApp"="C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15 102400]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-07 13:00 208952]
"GSICONEXE"="GSICON.EXE" []
"DSLAGENTEXE"="DSLAGENT.exe" []
"GsiFinal"="gspndll.dll" [2002-02-22 09:16 110592 C:\WINDOWS\system32\gspnDll.dll]
"CnxTrApp"="C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 16:24 247296]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"fssui"="C:\Programmi\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"Microsoft Dll Manager"="microsoft32dll.exe" [2008-02-14 20:02 79872 C:\WINDOWS\system32\microsoft32dll.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"rsky"="C:\WINDOWS\system32\rsky.exe" [2008-02-20 10:40 192512]
"hmuzd"="C:\WINDOWS\system32\hmuzd.exe" [2008-02-20 14:58 192512]
"hppcqe"="C:\WINDOWS\system32\hppcqe.exe" [2008-02-20 20:22 192512]
"waq"="C:\WINDOWS\system32\waq.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
"MySpaceIM"="C:\Programmi\MySpace\IM\MySpaceIM.exe" [2008-02-01 21:32 8699904]
D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-04-11 19:04:58 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 00:10:00 217600]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-22 18:36 7168 C:\WINDOWS\system32\WLCtrl32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"D:\\Documents and Settings\\Alfredo\\Documenti\\software\\utorrent\\utorrent.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\Documents and Settings\\Valentina\\Documenti\\programmi\\utorrent.exe"=
"C:\\Programmi\\eMule\\eMule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\APPS\\skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system\\lsass.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56497:TCP"= 56497:TCP:Pando P2P TCP Listening Port
"56497:UDP"= 56497:UDP:Pando P2P UDP Listening Port
R0 Xqm75;Xqm75;C:\WINDOWS\system32\Drivers\Xqm75.sys [2008-02-22 18:16]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
S2 Digimax35;Digimax35 MP3;C:\WINDOWS\system32\drivers\dmxcam.sys [2000-08-02 23:52]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-15 19:04:10 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-22 17:03:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-22 18:37:24
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\iPod\bin\iPodService.exe
.
**************************************************************************
.
Ora fine scansione: 2008-02-22 18:40:12 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-22 17:40:08
.
2008-02-13 22:25:40 --- E O F ---

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 Feb 2008 02:33 Subject:
I'd say you have quite a lot of junk scattered around the disk...
Create a text file with the following instructions:
Quote: | File::
C:\WINDOWS\system32\rsky.exe
C:\WINDOWS\system32\hmuzd.exe
C:\WINDOWS\system32\hppcqe.exe
C:\WINDOWS\system32\waq.exe
C:\WINDOWS\system32\microsoft32dll.exe
C:\WINDOWS\system32\hxqpymjj.exe
C:\WINDOWS\system32\webr.exe
C:\WINDOWS\system32\gedaadc.exe
C:\WINDOWS\system32\tdhjo.exe
C:\WINDOWS\system32\pewbpkmjfau.exe
C:\WINDOWS\system32\zlzmup.exe
C:\WINDOWS\system32\owyqenqrjges.exe
C:\WINDOWS\system32\ifoxuyskk.exe
C:\WINDOWS\system32\xpdcmka.exe |
Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:
Post the new ComboFix log together with an updated HijackThis log.

Palommellarossa Hero
Joined: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 23 Feb 2008 19:59 Subject:
BDORIANO, IF YOU SAVE ME YOU'LL BE ELECTED IDOL NUMBER ONE!!! HEHEHE
SO, FIRST RESULT:
ComboFix 08-02-22.3 - Valentina 2008-02-23 18.47.52.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.446 [GMT 1:00]
Eseguito da: D:\Documents and Settings\Valentina\Desktop\ComboFix.exe
Command switches used :: D:\Documents and Settings\Valentina\Desktop\CFScript.txt
* Creato nuovo punto di ripristino
FILE ::
C:\WINDOWS\system32\gedaadc.exe
C:\WINDOWS\system32\hmuzd.exe
C:\WINDOWS\system32\hppcqe.exe
C:\WINDOWS\system32\hxqpymjj.exe
C:\WINDOWS\system32\ifoxuyskk.exe
C:\WINDOWS\system32\microsoft32dll.exe
C:\WINDOWS\system32\owyqenqrjges.exe
C:\WINDOWS\system32\pewbpkmjfau.exe
C:\WINDOWS\system32\rsky.exe
C:\WINDOWS\system32\tdhjo.exe
C:\WINDOWS\system32\waq.exe
C:\WINDOWS\system32\webr.exe
C:\WINDOWS\system32\xpdcmka.exe
C:\WINDOWS\system32\zlzmup.exe
.
((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\8_exception.nls
C:\WINDOWS\system32\drivers\ip6fw.sys
C:\WINDOWS\system32\gedaadc.exe
C:\WINDOWS\system32\hmuzd.exe
C:\WINDOWS\system32\hppcqe.exe
C:\WINDOWS\system32\hxqpymjj.exe
C:\WINDOWS\system32\ifoxuyskk.exe
C:\WINDOWS\system32\microsoft32dll.exe
C:\WINDOWS\system32\owyqenqrjges.exe
C:\WINDOWS\system32\pewbpkmjfau.exe
C:\WINDOWS\system32\rsky.exe
C:\WINDOWS\system32\tdhjo.exe
C:\WINDOWS\system32\webr.exe
C:\WINDOWS\system32\xpdcmka.exe
C:\WINDOWS\system32\zlzmup.exe
.
((((((((((((((((((((((((( Files Creati Da 2008-01-23 al 2008-02-23 )))))))))))))))))))))))))))))))))))
.
2008-02-23 18:44 . 2008-02-23 18:44 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dl_
2008-02-22 18:26 . 2008-02-22 18:26 <DIR> d-------- C:\HJT
2008-02-20 18:29 . 2008-02-20 18:29 <DIR> d-------- D:\Documents and Settings\Alfredo\Dati applicazioni\SUPERAntiSpyware.com
2008-02-19 22:57 . 2004-09-07 13:00 29,056 --a------ C:\WINDOWS\system32\dllcache\ip6fw.sys
2008-02-19 22:25 . 2008-02-19 22:25 <DIR> d-------- D:\Documents and Settings\Valentina\Dati applicazioni\SUPERAntiSpyware.com
2008-02-19 22:25 . 2008-02-19 22:25 <DIR> d-------- D:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-02-19 22:25 . 2008-02-21 22:57 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-02-19 22:25 . 2008-02-19 22:25 <DIR> d-------- C:\Programmi\File comuni\Wise Installation Wizard
2008-02-19 11:09 . 2008-02-19 11:09 <DIR> d-------- D:\Documents and Settings\Alfredo\Dati applicazioni\MySpace
2008-02-17 13:09 . 2008-02-17 13:39 <DIR> d-------- D:\Documents and Settings\All Users\Dati applicazioni\Spybot - Search & Destroy
2008-02-17 13:09 . 2008-02-17 13:10 <DIR> d-------- C:\Programmi\Spybot - Search & Destroy
2008-02-16 23:44 . 2008-02-16 23:44 <DIR> d-------- D:\Documents and Settings\Valentina\Dati applicazioni\MySpace
2008-02-16 23:44 . 2008-02-16 23:44 <DIR> d-------- C:\Programmi\MySpace
2008-02-16 12:52 . 2008-02-23 18:44 21,632 --a------ C:\WINDOWS\system32\drivers\Xqm75.sys
2008-02-15 21:40 . 2008-02-21 22:55 <DIR> d-------- C:\MSNFix
2008-02-15 21:14 . 2008-02-15 21:39 <DIR> d-------- C:\Programmi\MSNFix
2008-02-15 20:09 . 2007-06-05 10:56 44,928 --a------ C:\WINDOWS\system32\drivers\SDTHOOK.SYS
2008-02-15 20:05 . 2007-06-08 09:44 8,576 --a------ C:\WINDOWS\system32\drivers\gnfvslpiktcj.sys
2008-02-15 19:40 . 2008-02-23 18:41 7,168 --a------ C:\WINDOWS\system32\WLCtrl32.dll
2008-02-15 19:30 . 2008-02-16 14:29 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-02-15 19:30 . 2008-02-15 19:30 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-02-15 19:30 . 2006-04-03 09:59 128 --a------ C:\WINDOWS\system32\xposer.cfg
2008-02-15 19:30 . 2006-04-03 09:59 128 --a------ C:\WINDOWS\system32\asinst.cfg
2008-02-07 19:35 . 2008-02-07 19:35 <DIR> d-------- C:\Programmi\PandoBar
2008-02-07 19:35 . 2008-02-07 19:35 <DIR> d-------- C:\Programmi\Pando Networks
2008-02-03 15:50 . 2008-02-22 18:40 <DIR> d--h----- D:\Documents and Settings\NetworkService.NT AUTHORITY.001\Impostazioni locali
2008-02-03 15:50 . 2008-02-03 15:50 <DIR> d-------- D:\Documents and Settings\NetworkService.NT AUTHORITY.001\Dati applicazioni
2008-02-03 15:50 . 2008-02-22 18:40 <DIR> d--h----- D:\Documents and Settings\LocalService.NT AUTHORITY.001\Impostazioni locali
2008-02-03 15:50 . 2008-02-03 15:50 <DIR> d-------- D:\Documents and Settings\LocalService.NT AUTHORITY.001\Dati applicazioni
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-23 14:51 --------- d-----w C:\Programmi\BigFun
2008-02-22 21:16 --------- d-----w D:\Documents and Settings\Valentina\Dati applicazioni\uTorrent
2008-02-21 15:51 --------- d-----w C:\Programmi\Messenger Plus! Live
2008-02-21 13:49 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\WLInstaller
2008-02-16 14:25 --------- d-----w D:\Documents and Settings\All Users\Dati applicazioni\DVD Shrink
2008-02-16 13:15 --------- d-----w D:\Documents and Settings\Alfredo\Dati applicazioni\Vso
2008-02-15 19:59 --------- d-----w D:\Documents and Settings\Valentina\Dati applicazioni\Vso
2008-02-15 19:01 --------- d-----w C:\Programmi\iTunes
2008-02-15 19:00 --------- d-----w C:\Programmi\Windows Live Toolbar
2008-02-15 19:00 --------- d-----w C:\Programmi\Windows Live Favorites
2008-02-15 19:00 --------- d-----w C:\Programmi\Google
2008-02-03 19:23 --------- d-----w C:\Programmi\eMule
2008-02-03 14:49 --------- d-----w D:\Documents and Settings\Alfredo\Dati applicazioni\uTorrent
2008-02-03 14:48 --------- d-----w C:\Programmi\QuickTime
2008-01-11 05:32 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:50 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-08 05:04 3,592,192 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:40 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AVASTSS.scr
2007-09-01 20:53 60,128 ----a-w D:\Documents and Settings\Valentina\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-07-05 13:46 60,128 ----a-w D:\Documents and Settings\Alfredo\Dati applicazioni\GDIPFONTCACHEV1.DAT
2007-04-12 14:46 87,608 ----a-w D:\Documents and Settings\Alfredo\Dati applicazioni\ezpinst.exe
2007-04-12 14:46 47,360 ----a-w D:\Documents and Settings\Alfredo\Dati applicazioni\pcouffin.sys
.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 11:12 56360 --a------ C:\Programmi\Windows Live\Family Safety\fssbho.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11D4-9B18-009027A5CD4F}
{EF99BD32-C1FB-11D2-892F-0090271D4F88}
{BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
{E3EA4FD9-CADE-4AE5-84F7-086EEE888BE4}
[HKEY_CLASSES_ROOT\clsid\{e3ea4fd9-cade-4ae5-84f7-086eee888be4}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmpcSys"="C:\APPS\SMP\SmpSys.exe" [2005-12-08 15:39 975360]
"swg"="C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-10 10:22 68856]
"updateMgr"="C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 15:45 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 13:00 15360]
"Pando"="C:\Programmi\Pando Networks\Pando\Pando.exe" [2008-02-04 14:59 6051144]
"MySpaceIM"="C:\Programmi\MySpace\IM\MySpaceIM.exe" [2008-02-01 21:32 8699904]
"SpybotSD TeaTimer"="C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 13:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-09-07 13:00 455168]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 13:01 67584]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 17:04 2879488 C:\WINDOWS\SkyTel.exe]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-27 23:47 7573504]
"nwiz"="nwiz.exe" [2006-04-27 23:47 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-04-27 23:47 86016]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Vade Retro Outlook Express"="C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe" [2004-10-04 12:03 310272]
"DetectorApp"="C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe" [2005-10-20 05:15 102400]
"ISUSPM Startup"="C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [ ]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-09-07 13:00 208952]
"GSICONEXE"="GSICON.EXE" []
"DSLAGENTEXE"="DSLAGENT.exe" []
"GsiFinal"="gspndll.dll" [2002-02-22 09:16 110592 C:\WINDOWS\system32\gspnDll.dll]
"CnxTrApp"="C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll" [2004-04-20 16:24 247296]
"NeroFilterCheck"="C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe" [2007-03-09 17:53 153136]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Programmi\iTunes\iTunesHelper.exe" [2007-09-26 13:42 267064]
"LogitechCommunicationsManager"="C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 16:33 563984]
"LogitechQuickCamRibbon"="C:\Programmi\Logitech\QuickCam\Quickcam.exe" [2007-10-25 16:37 2178832]
"fssui"="C:\Programmi\Windows Live\Family Safety\fssui.exe" [2007-12-17 11:12 243240]
"Microsoft Dll Manager"="microsoft32dll.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"rsky"="C:\WINDOWS\system32\rsky.exe" [ ]
"hmuzd"="C:\WINDOWS\system32\hmuzd.exe" [ ]
"hppcqe"="C:\WINDOWS\system32\hppcqe.exe" [ ]
"waq"="C:\WINDOWS\system32\waq.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
"MySpaceIM"="C:\Programmi\MySpace\IM\MySpaceIM.exe" [2008-02-01 21:32 8699904]
D:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Alice ti aiuta.lnk - C:\Programmi\Alice ti aiuta\bin\matcli.exe [2007-04-11 19:04:58 212992]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 21:05:26 29696]
EPSON Status Monitor 3 Environment Check.lnk - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE [1999-10-22 00:10:00 217600]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 08:01:04 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Programmi\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WLCtrl32]
WLCtrl32.dll 2008-02-23 18:41 7168 C:\WINDOWS\system32\WLCtrl32.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"= %windir%\\system32\\sessmgr.exe:@xpsp2res.dll,-22019
"D:\\Documents and Settings\\Alfredo\\Documenti\\software\\utorrent\\utorrent.exe"=
"C:\\Programmi\\Messenger\\msmsgs.exe"=
"D:\\Documents and Settings\\Valentina\\Documenti\\programmi\\utorrent.exe"=
"C:\\Programmi\\eMule\\eMule.exe"=
"C:\\WINDOWS\\system32\\rtcshare.exe"=
"C:\\Programmi\\NetMeeting\\conf.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\APPS\\skype\\Phone\\Skype.exe"=
"C:\\WINDOWS\\system\\lsass.exe"=
"C:\\Programmi\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"= %windir%\\Network Diagnostic\\xpnetdiag.exe:@xpsp3res.dll,-20000
"C:\\Programmi\\Pando Networks\\Pando\\pando.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Programmi\\MySpace\\IM\\MySpaceIM.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56497:TCP"= 56497:TCP:Pando P2P TCP Listening Port
"56497:UDP"= 56497:UDP:Pando P2P UDP Listening Port
R0 Xqm75;Xqm75;C:\WINDOWS\system32\Drivers\Xqm75.sys [2008-02-23 18:44]
R2 fssfltr;FssFltr;C:\WINDOWS\system32\DRIVERS\fssfltr.sys [2007-10-17 13:53]
R2 fsssvc;Windows Live OneCare Family Safety;"C:\Programmi\Windows Live\Family Safety\fsssvc.exe" [2007-12-17 11:13]
S2 Digimax35;Digimax35 MP3;C:\WINDOWS\system32\drivers\dmxcam.sys [2000-08-02 23:52]
.
Contenuto della cartella 'Scheduled Tasks'
"2008-02-22 19:04:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Programmi\Apple Software Update\SoftwareUpdate.exe
"2008-02-23 16:03:00 C:\WINDOWS\Tasks\Verifica aggiornamenti per Windows Live Toolbar.job"
- C:\Programmi\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-23 18:49:49
Windows 5.1.2600 Service Pack 2 NTFS
scansione processi nascosti ...
scansione entrate autostart nascoste ...
Scansione files nascosti ...
Scansione completata con successo
Files nascosti: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\WLCtrl32.dll
.
Ora fine scansione: 2008-02-23 18.50.30
ComboFix-quarantined-files.txt 2008-02-23 17:50:27
ComboFix2.txt 2008-02-22 17:40:13
.
2008-02-13 22:25:40 --- E O F ---
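
An added example (not part of the thread, and not ComboFix's own code): the log above still lists Run/RunServices values whose target files were removed through CFScript.txt, and this script pulls such leftover autorun values out of a ComboFix "Punti Reg Caricati" section. The function names, the choice of excerpt lines, and the reading of empty brackets as "no file metadata recorded" are assumptions.

```python
import re

# Paths listed under "File::" in the CFScript.txt posted in the thread.
CFSCRIPT_FILES = r"""
C:\WINDOWS\system32\rsky.exe
C:\WINDOWS\system32\hmuzd.exe
C:\WINDOWS\system32\hppcqe.exe
C:\WINDOWS\system32\waq.exe
C:\WINDOWS\system32\microsoft32dll.exe
C:\WINDOWS\system32\hxqpymjj.exe
C:\WINDOWS\system32\webr.exe
C:\WINDOWS\system32\gedaadc.exe
C:\WINDOWS\system32\tdhjo.exe
C:\WINDOWS\system32\pewbpkmjfau.exe
C:\WINDOWS\system32\zlzmup.exe
C:\WINDOWS\system32\owyqenqrjges.exe
C:\WINDOWS\system32\ifoxuyskk.exe
C:\WINDOWS\system32\xpdcmka.exe
""".split("\n")
CFSCRIPT_FILES = [p for p in CFSCRIPT_FILES if p]

# A few lines taken from the registry section of the ComboFix log above.
LOG_EXCERPT = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"RTHDCPL"="RTHDCPL.EXE" [2006-05-18 13:27 16207872 C:\WINDOWS\RTHDCPL.exe]
"ISUSScheduler"="C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" [ ]
"Microsoft Dll Manager"="microsoft32dll.exe" []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"rsky"="C:\WINDOWS\system32\rsky.exe" [ ]
"waq"="C:\WINDOWS\system32\waq.exe" [ ]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 13:00 15360]
'''

AUTORUN_KEYS = {"run", "runonce", "runservices"}
KEY_RE = re.compile(r'^\[(HK[^\]]+)\]$')
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<target>[^"]*)"\s*\[(?P<meta>[^\]]*)\]$'
)


def last_component(path):
    """Return the lower-cased last backslash-separated component."""
    return path.rsplit("\\", 1)[-1].lower()


def find_leftover_autoruns(log_text, removed_paths):
    """List autorun values that point at removed or unverifiable files.

    Returns (registry key, value name, target, reason) tuples.
    """
    removed_full = {p.lower() for p in removed_paths}
    removed_names = {last_component(p) for p in removed_paths}
    findings = []
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or last_component(key) not in AUTORUN_KEYS:
            continue
        target = m.group("target")
        # Assumption: a bare file name is matched against the removed files
        # by name only, since the log does not say which directory it
        # would resolve to.
        bare = "\\" not in target
        if target.lower() in removed_full or (
            bare and target.lower() in removed_names
        ):
            reason = "target deleted by CFScript"
        elif not m.group("meta").strip():
            # Assumption: empty brackets mean the log recorded no date/size.
            reason = "no file metadata in log"
        else:
            continue
        findings.append((key, m.group("name"), target, reason))
    return findings


if __name__ == "__main__":
    for key, name, target, reason in find_leftover_autoruns(
        LOG_EXCERPT, CFSCRIPT_FILES
    ):
        print(f"{reason:28} {name!r} -> {target}\n    in {key}")
```

Values reported as "no file metadata in log" are only candidates for a manual check; the script does not decide whether an entry is malicious.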

Palommellarossa Hero
Joined: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 23 Feb 2008 20:00 Subject:
SECOND RESULT
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.59.57, on 23/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe
C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\Programmi\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\dllhost.exe
C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe
C:\Programmi\Logitech\QuickCam\Quickcam.exe
C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
C:\Programmi\Windows Live\Family Safety\fssui.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\APPS\SMP\SmpSys.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Pando Networks\Pando\Pando.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\File comuni\Logishrd\LQCVFX\COCIManager.exe
C:\Programmi\Alice ti aiuta\bin\mpbtn.exe
C:\Programmi\iPod\bin\iPodService.exe
C:\Programmi\MySpace\IM\MySpaceIM.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
D:\Documents and Settings\Valentina\Documenti\programmi\utorrent.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Windows Media Player\wmplayer.exe
D:\Documents and Settings\Valentina\Documenti\programmi\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.huddi.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://it.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://it.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://it.search.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://it.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://it.search.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://it.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Programmi\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Programmi\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Programmi\Pando Networks\Pando\PandoIEPlugin.dll
O2 - BHO: Windows Live OneCare Family Safety Browser Helper - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Programmi\Windows Live\Family Safety\fssbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Programmi\PandoBar\bar\1.bin\PANDOBAR.DLL
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Programmi\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
O4 - HKLM\..\Run: [DetectorApp] C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FILECO~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programmi\File comuni\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32"
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] DSLAGENT.EXE USB
O4 - HKLM\..\Run: [GsiFinal] rundll32 gspndll.dll,postInstall final
O4 - HKLM\..\Run: [CnxTrApp] rundll32.exe "C:\Programmi\Pirelli\Access Gateway USB Network\CnxTrApp.dll",AppEntry -REG "Pirelli\Access Gateway USB"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programmi\File comuni\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programmi\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Programmi\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Programmi\File comuni\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Programmi\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [fssui] "C:\Programmi\Windows Live\Family Safety\fssui.exe" -autorun
O4 - HKLM\..\Run: [Microsoft Dll Manager] microsoft32dll.exe
O4 - HKLM\..\RunServices: [rsky] C:\WINDOWS\system32\rsky.exe
O4 - HKLM\..\RunServices: [hmuzd] C:\WINDOWS\system32\hmuzd.exe
O4 - HKLM\..\RunServices: [hppcqe] C:\WINDOWS\system32\hppcqe.exe
O4 - HKLM\..\RunServices: [waq] C:\WINDOWS\system32\waq.exe
O4 - HKCU\..\Run: [SmpcSys] C:\APPS\SMP\SmpSys.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] C:\Programmi\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Pando] "C:\Programmi\Pando Networks\Pando\Pando.exe" /Minimized
O4 - HKCU\..\Run: [MySpaceIM] C:\Programmi\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Programmi\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Programmi\Messenger\msmsgs.exe" /background (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Programmi\File comuni\Ahead\Lib\NMFirstStart.exe (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Alice ti aiuta.lnk = C:\Programmi\Alice ti aiuta\bin\matcli.exe
O4 - Global Startup: Avvio veloce di Adobe Reader.lnk = C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV03.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Inserisci blog - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Inserisci &blog in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programmi\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\it.htm
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=67633
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/IT-IT/a-UNO1/GAME_UNO1.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://game09.zylom.com/activex/zylomgamesplayer.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://www.gamenext.it/online/online2/zuma/oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0C8BF8E0-4CDA-407A-8134-0F96DF938216}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CS1\Services\Tcpip\..\{0C8BF8E0-4CDA-407A-8134-0F96DF938216}: NameServer = 85.37.17.9 85.38.28.75
O17 - HKLM\System\CS2\Services\Tcpip\..\{0C8BF8E0-4CDA-407A-8134-0F96DF938216}: NameServer = 85.37.17.9 85.38.28.75
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WLCtrl32 - C:\WINDOWS\SYSTEM32\WLCtrl32.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programmi\File comuni\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Programmi\iPod\bin\iPodService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Programmi\File comuni\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Programmi\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Programmi\File comuni\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: USBDeviceService - Unknown owner - C:\Programmi\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
--
End of file - 14015 bytes

Palommellarossa Hero
Joined: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 23 Feb 2008 20:01 Subject:
I was wondering... since the PC is shared, do I have to do this on the other side too?

bdoriano Administrator
Joined: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 23 Feb 2008 20:52 Subject:
First let's finish this "round", then we'll run a check on the second user as well.
Go to the Kaspersky on-line scanner and run the extended scan, as described here.
Save the scan result to a file (in HTML format), upload the file to Freefilehosting and post here the link you are given.
|
Top |
|
 |
Palommellarossa Hero
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 23 Feb 2008 22:12

Et voilà
http://www.freefilehosting.net/download/3ceje

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Feb 2008 10:34

To delete the infected files present in System Restore, Disable System Restore.
If you no longer notice any problems on "this side", we can move on to the other user.

Palommellarossa Hero
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 24 Feb 2008 11:51

bdoriano wrote:
> To delete the infected files present in System Restore, Disable System Restore.
> If you no longer notice any problems on "this side", we can move on to the other user.

Ahem... what?
Do I have to delete them "by hand"?

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 24 Feb 2008 17:18

If you click on the text in blue, a new page opens with all the instructions you need.

Palommellarossa Hero
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 24 Feb 2008 20:29

Sorry to insist...
... but...
do I have to disable the restore and run a normal scan (with avast)?
Because the link only takes me to how to disable System Restore...

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 25 Feb 2008 00:48

Palommellarossa wrote:
> Sorry to insist...
> ... but...
> do I have to disable the restore and run a normal scan (with avast)?
> Because the link only takes me to how to disable System Restore...

And that is the only thing you have to do to eliminate the infected files present in that area: Disable System Restore. That's it. Nothing else. There are no hidden or forgotten instructions.

Palommellarossa Hero
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 25 Feb 2008 20:23

Awesome!
So, the virus(es) are defeated and all I have to do is disable the restore?
Even though avast is still reporting trojans?

Palommellarossa Hero
Registered: 21/02/08 21:30 Posts: 46 Location: Biutifùl cauntri
Posted: 25 Feb 2008 22:30

All done!
Too bad the mouse still goes off on its own...
maybe I have to work "from the other side"?
bdoria', help me!

bdoriano Administrator
Registered: 02/04/07 12:05 Posts: 14391 Location: 3rd planet of the solar system...
Posted: 25 Feb 2008 23:28

Is Avast still reporting the trojan?
Start running the scans from the other side.