Olimpo Informatico forum index
The Zeus News Forums
HELP VIRUS!!! network connections disappeared....
Forum index -> Pronto Soccorso Virus
jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 05 Jun 2008 18:48    Subject: HELP VIRUS!!! network connections disappeared....

Hi everyone, yesterday I caught a virus that blocked:

- the antivirus programs;
- HijackThis;
- and it doesn't let me see the network connections...

I ran Elibagla and it found some infected files.

But it no longer finds the network connections... it won't let me run Kaspersky online...

Help me please!!!!
Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 05 Jun 2008 19:18

Hi jepix
Post the log generated by Elibagla;
also run a scan with these:
CCleaner;
Combofix;
Virit;
Hijackthis;

If need be, install them on a pen drive and then transfer them to the infected PC...
jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 05 Jun 2008 19:29

Hi sante62, here is the Elibagla log:

Sat Feb 09 13:02:44 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Feb 09 13:02:46 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5125
Nº Total de Ficheros: 45539
Nº de Ficheros Analizados: 10973
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Feb 09 17:27:57 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Feb 09 17:27:59 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5119
Nº Total de Ficheros: 42541
Nº de Ficheros Analizados: 10768
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sat Feb 09 20:20:27 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sat Feb 09 20:20:29 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5113
Nº Total de Ficheros: 42326
Nº de Ficheros Analizados: 10772
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Sun Feb 10 12:37:32 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Sun Feb 10 12:37:45 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5121
Nº Total de Ficheros: 42152
Nº de Ficheros Analizados: 10809
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Tue Jun 03 16:51:42 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.97
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.97
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Jun 03 17:29:27 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.97
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.

Tue Jun 03 17:51:47 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.97
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v10.97
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Tue Jun 03 17:51:52 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5313
Nº Total de Ficheros: 44367
Nº de Ficheros Analizados: 10856
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Tue Jun 03 17:57:43 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 4151
Nº Total de Ficheros: 88207
Nº de Ficheros Analizados: 2956
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Wed Jun 04 16:16:10 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.97
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.

Wed Jun 04 16:16:25 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
Por favor, envienos una muestra del fichero
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.97
a "virus@satinfo.es". Gracias.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.

Wed Jun 04 17:11:03 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\GCOCOLA\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\GCOCOLA\DATI APPLICAZIONI\M\LIST.OCT --> Eliminado Bagle
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Jun 04 17:12:11 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\GCOCOLA\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Jun 04 17:14:39 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\GCOCOLA\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"
Reinicie para Completar la Limpieza.

Wed Jun 04 17:14:49 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\Muestras\HLDRRR.EXE.MUESTRA ELIBAGLE V10.97 --> Eliminado Bagle.dldr
C:\Muestras\SROSA.SYS.MUESTRA ELIBAGLE V10.97 --> Eliminado Bagle (rootkit)
C:\Muestras\WINTEMS.EXE.MUESTRA ELIBAGLE V10.97 --> Eliminado Bagle
C:\Programmi\Synaptics\SynTP\SYNTPLPR.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 5308
Nº Total de Ficheros: 44414
Nº de Ficheros Analizados: 10856
Nº de Ficheros Infectados: 5
Nº de Ficheros Limpiados: 5

Wed Jun 04 17:28:46 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\GCOCOLA\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Jun 04 17:28:51 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 5308
Nº Total de Ficheros: 44355
Nº de Ficheros Analizados: 10852
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Wed Jun 04 18:43:56 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):
C:\WINDOWS\SYSTEM32\WINTEMS.EXE --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\BAN_LIST.TXT --> Eliminado Bagle
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle (rootkit) Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle.dldr Acceso Denegado.
C:\DOCUMENTS AND SETTINGS\GCOCOLA\DATI APPLICAZIONI\M\FLEC006.EXE --> Bagle.dldr Acceso Denegado.
Reinicie para Completar la Limpieza.

Wed Jun 04 18:44:00 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)

Nº Total de Directorios: 5308
Nº Total de Ficheros: 44451
Nº de Ficheros Analizados: 10852
Nº de Ficheros Infectados: 1
Nº de Ficheros Limpiados: 1

Thu Jun 05 11:06:23 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jun 05 11:06:25 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\
C:\QooBox\Quarantine\C\Documents and Settings\gcocola\Dati applicazioni\m\FLEC006.EXE.VIR --> Eliminado Bagle.dldr
C:\QooBox\Quarantine\C\WINDOWS\system32\MDELK.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\WINTEMS.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\HLDRRR.EXE.VIR --> Eliminado Bagle.dldr
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\MDELK.EXE.VIR --> Eliminado Bagle.dldr
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\216951.EXE.VIR --> Eliminado Bagle
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\downld\251000.EXE.VIR --> Eliminado Bagle

Nº Total de Directorios: 5203
Nº Total de Ficheros: 45099
Nº de Ficheros Analizados: 10730
Nº de Ficheros Infectados: 7
Nº de Ficheros Limpiados: 7

Thu Jun 05 11:17:24 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jun 05 11:17:27 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5203
Nº Total de Ficheros: 45092
Nº de Ficheros Analizados: 10723
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jun 05 11:54:32 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jun 05 11:54:34 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5199
Nº Total de Ficheros: 45076
Nº de Ficheros Analizados: 10723
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jun 05 12:09:33 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jun 05 12:09:34 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5195
Nº Total de Ficheros: 45061
Nº de Ficheros Analizados: 10716
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jun 05 12:35:33 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jun 05 12:35:35 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5198
Nº Total de Ficheros: 45070
Nº de Ficheros Analizados: 10718
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jun 05 12:40:12 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 4148
Nº Total de Ficheros: 88169
Nº de Ficheros Analizados: 2936
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jun 05 18:28:02 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Acción Directa):

Thu Jun 05 18:28:04 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios: 5214
Nº Total de Ficheros: 45167
Nº de Ficheros Analizados: 10716
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0

Thu Jun 05 18:33:03 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad D:\

Nº Total de Directorios: 4141
Nº Total de Ficheros: 88001
Nº de Ficheros Analizados: 2938
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados: 0
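As an added example (not code from this thread, from Satinfo or from EliBagle itself), a small Python parser for the EliBagle log format posted above: it splits the log into runs, collects each `<path> --> <verdict>` action and reports which files were actually removed versus those that only ever came back `Acceso Denegado` and so are still on disk after the run. The log grammar is inferred from the posted lines, and the sample input is a constructed two-run excerpt of jepix's own log; on it the counters say 5 infected / 5 cleaned while the `srosa.sys` rootkit driver and `hldrrr.exe` under `system32\drivers` were never removed.

```python
"""Parse and triage EliBagle action logs (added example, not Satinfo's or the thread's code).
Grammar inferred from the posted log: timestamp, 'EliBagle vX.Y', 'Lista de Acciones (por ...)',
'<path> --> <verdict>', 'Restaurada Clave: "..."', 'Nº ...: N' counters."""
from __future__ import annotations

import re
from dataclasses import dataclass, field

RUN_HEADER = re.compile(r"^(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) [A-Z][a-z]{2} \d{2} \d{2}:\d{2}:\d{2} \d{4}$")
VERSION = re.compile(r"^EliBagle v(\d+\.\d+)")
MODE = re.compile(r"^Lista de Acciones \(por (.+)\):$")
ACTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) --> (?P<verdict>.+)$")
RESTORED = re.compile(r'^Restaurada Clave: "(.+)"$')
COUNTER = re.compile(r"^Nº (?:Total )?de (?P<what>.+?): (?P<n>\d+)$")
FAMILY = re.compile(r"Bagle(?:\.\w+|\s\(\w+\))?")  # Bagle, Bagle.dldr, Bagle (rootkit)


@dataclass
class Run:
    timestamp: str
    version: str = ""
    mode: str = ""  # 'Acción Directa' (active-infection cleanup) or 'Exploración' (drive scan)
    actions: list[tuple[str, str]] = field(default_factory=list)  # (path, verdict)
    restored_keys: list[str] = field(default_factory=list)
    counters: dict[str, int] = field(default_factory=dict)


def parse_log(text: str) -> list[Run]:
    """Split the log into runs; lines matching nothing (e.g. the sample-request prose) are skipped."""
    runs: list[Run] = []
    cur: Run | None = None
    for raw in text.splitlines():
        line = raw.strip()
        if RUN_HEADER.match(line):
            cur = Run(timestamp=line)
            runs.append(cur)
        elif cur is None:
            continue
        elif m := VERSION.match(line):
            cur.version = m.group(1)
        elif m := MODE.match(line):
            cur.mode = m.group(1)
        elif m := ACTION.match(line):
            cur.actions.append((m.group("path"), m.group("verdict")))
        elif m := RESTORED.match(line):
            cur.restored_keys.append(m.group(1))
        elif m := COUNTER.match(line):
            cur.counters[m.group("what")] = int(m.group("n"))
    return runs


def family_of(verdict: str) -> str:
    m = FAMILY.search(verdict)
    return m.group(0) if m else "unknown"


def triage(runs: list[Run]) -> dict:
    """Removed files vs. files that were only ever 'Acceso Denegado' and so are still on disk.
    Paths are case-folded: the log writes SYSTEM32\\DRIVERS and system32\\drivers for one file."""
    removed: dict[str, str] = {}
    denied: dict[str, str] = {}
    for run in runs:
        for path, verdict in run.actions:
            if verdict.startswith("Eliminado"):
                removed[path.lower()] = family_of(verdict)
            elif "Acceso Denegado" in verdict:
                denied[path.lower()] = family_of(verdict)
    return {
        "removed": sorted(removed),
        "unresolved": {p: f for p, f in denied.items() if p not in removed},
        "safeboot_restored": sum(any("SafeBoot" in k for k in r.restored_keys) for r in runs),
        "infected_reported": sum(r.counters.get("Ficheros Infectados", 0) for r in runs),
        "families": sorted(set(removed.values()) | set(denied.values())),
    }


# Constructed sample: two runs excerpted from the log posted above.
SAMPLE_LOG = r"""
Tue Jun 03 17:51:47 2008
EliBagle v10.97 (c)2008 S.G.H. / Satinfo S.L.
Lista de Acciones (por Acción Directa):
C:\Muestras\SROSA.SYS.Muestra EliBagle v10.97
C:\WINDOWS\SYSTEM32\DRIVERS\SROSA.SYS --> Bagle Acceso Denegado.
C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE --> Bagle Acceso Denegado.
Restaurada Clave: "SafeBoot\Minimal y Network"

Wed Jun 04 17:14:49 2008
EliBagle v11.45 (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 2 de Junio del 2008)
Lista de Acciones (por Exploración):
C:\Muestras\HLDRRR.EXE.MUESTRA ELIBAGLE V10.97 --> Eliminado Bagle.dldr
C:\Programmi\Synaptics\SynTP\SYNTPLPR.EXE --> Eliminado Bagle.dldr
C:\WINDOWS\system32\drivers\SROSA.SYS --> Acceso Denegado, Bagle (rootkit) (Reiniciar para completar la Limpieza)
Nº de Ficheros Infectados: 5
"""

if __name__ == "__main__":
    s = triage(parse_log(SAMPLE_LOG))
    print(f"counters say {s['infected_reported']} infected; families seen: {s['families']}")
    for path, fam in s["unresolved"].items():
        print(f"still on disk (access denied, never removed): {path} [{fam}]")
```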
Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 05 Jun 2008 19:49

Did you happen to run Combofix before Elibagla?

Post the Combofix log and the others;

when they are too long, post them as explained here
jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 05 Jun 2008 19:57

Here are the Combofix log and the HijackThis log:
ComboFix 08-06-03.4 - gcocola 2008-06-05 19.41.34.3 - NTFSx86 MINIMAL
Eseguito da: D:\Programmi per virus\Combo-Fix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\setup.ini

.
((((((((((((((((((((((((( Files Creati Da 2008-05-05 al 2008-06-05 )))))))))))))))))))))))))))))))))))
.

2008-06-05 18:04 . 2008-06-05 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-05 12:32 . 2008-06-05 12:32 <DIR> d-------- C:\Programmi\ZyXEL ADSL Modem
2008-06-05 12:32 . 2006-05-10 05:17 417,792 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2008-06-05 12:32 . 2006-05-10 05:17 155,648 -ra------ C:\WINDOWS\system32\stmctrl.dll
2008-06-05 12:32 . 2008-06-05 12:33 3,239 --a------ C:\WINDOWS\stsetup.htm
2008-06-04 19:46 . 2008-06-04 19:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 17:02 . 2008-05-27 17:02 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-05-23 13:03 . 2008-06-05 18:08 1,312 --a------ C:\WINDOWS\mgutil_reg.ini
2008-05-23 12:58 . 2008-05-23 12:58 40 --a------ C:\WINDOWS\mgutil_win.ini
2008-05-21 18:23 . 2008-05-21 18:27 <DIR> d-------- C:\keygen
2008-05-20 17:32 . 2008-05-20 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-05-20 17:31 . 2008-05-20 17:31 <DIR> d-------- C:\Programmi\DIFX
2008-05-20 17:28 . 2008-05-20 17:28 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-05-20 17:10 . 2008-05-20 17:10 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-05-20 17:05 . 2005-05-27 15:13 128,295 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-20 17:05 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-20 17:05 . 2005-05-27 15:13 53,050 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-20 17:05 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-20 17:05 . 2005-05-27 15:13 11,001 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-20 17:05 . 2005-05-27 15:13 7,288 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-20 16:59 . 2008-05-21 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-05-07 11:06 . 2008-05-07 11:06 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-05-06 16:07 . 2008-05-06 16:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-06 16:05 . 2008-05-06 16:05 <DIR> d-------- C:\Programmi\Reference Assemblies
2008-05-06 16:02 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-05 17:38 27,548 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-05 17:38 265,504 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-05 16:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-06-03 12:26 15,303,712 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-05-27 17:29 207,896 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-05-27 15:05 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-27 15:02 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-24 10:16 --------- d-----w C:\Programmi\Java
2008-05-23 11:03 --------- d-----w C:\Programmi\ViewCRD
2008-05-23 10:45 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-05-21 14:45 --------- d-----w C:\Documents and Settings\gcocola\Dati applicazioni\AdobeUM
2008-05-20 18:39 --------- d-----w C:\Documents and Settings\gcocola\Dati applicazioni\PC Suite
2008-05-20 15:46 --------- d-----w C:\Documents and Settings\gcocola\Dati applicazioni\Nokia
2008-05-15 07:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-06 14:12 --------- d-----w C:\Programmi\MSBuild
2008-05-05 14:37 --------- d-----w C:\Programmi\SplitCam
2008-04-19 14:25 21,840 -c--atw C:\WINDOWS\system32\SIntfNT.dll
2008-04-19 14:25 17,212 -c--atw C:\WINDOWS\system32\SIntf32.dll
2008-04-19 14:25 12,067 -c--atw C:\WINDOWS\system32\SIntf16.dll
2008-04-08 13:22 --------- d-----w C:\Programmi\ModelliFiscali
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 09:35 216,064 -c--a-w C:\WINDOWS\iun3405.exe
2008-02-08 15:59 38 -c--a-w C:\Documents and Settings\gcocola\dell.bat
2003-04-22 19:02 135,168 ----a-w C:\Programmi\AVIPreview.exe
1999-07-11 18:28 276,992 -c--a-w C:\Programmi\MpgJoin.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"RogueMonitor"="D:\Programmi\RogueRemover PRO\RogueRemoverPRO.exe" [2007-07-17 05:06 503808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdslTaskBar"="stmctrl.dll" [2006-05-10 05:17 155648 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-08-18 04:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.l3codec"= l3codecp.acm
"vidc.sccd"= D:\PROGRA~2\LUMINO~1\SoftCam1.5\Driver\SCCodec.dll
"MSVideo7"= D:\PROGRA~2\LUMINO~1\SoftCam1.5\Driver\SCVid32.dll
"VIDC.ZDSV"= scrvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\BlueSoleil.lnk
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=C:\WINDOWS\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
-ra------ 2006-05-10 05:17 155648 C:\WINDOWS\system32\stmctrl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 12:06 94208 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-06-07 11:31 819712 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-09-02 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2003-12-25 12:04 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
--a------ 2008-06-04 18:51 139367 D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-06-29 15:29 176128 D:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 14:08 860160 D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 02:05 53248 C:\WINDOWS\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a------ 2004-02-04 19:39 897024 C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SynTPEnh"=C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
"QCWLICON"=C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
"AdslTaskBar"=rundll32.exe stmctrl.dll,TaskBar

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programmi\\Ares\\Ares.exe"=
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Windows Media Player\\wmplayer.exe"=
"D:\\Programmi\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=

R0 mcctl;mcctl;C:\WINDOWS\system32\drivers\mcctl.sys [2007-12-06 00:34]
R0 St323dk;St323dk;C:\WINDOWS\system32\drivers\St323dk.sys [2002-10-13 20:24]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 04:30]
S1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 04:30]
S1 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 12:37]
S2 gafwload;GlobeSpan USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys []
S2 ipx;TCP-IP Service;C:\WINDOWS\system32\wbem\ipxserv.exe []
S2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2004-11-14 07:01]
S3 mcdevice;mcdevice;C:\WINDOWS\system32\DRIVERS\mcdevice.sys [2007-12-06 00:45]
S3 NwlnkFlt;Driver filtro traffico IPX;C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [2002-09-10 14:00]
S3 NwlnkFwd;Driver inoltratore traffico IPX;C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [2002-09-10 14:00]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 04:30]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-27 00:21]
S3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 06:51]
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-04-13 08:55]
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk504B.sys [2002-07-25 12:19]
S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2006-09-14 16:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bdda14d-3130-11dc-aba5-0020e07d8962}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NoLimit.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{490c1194-28a6-11dd-b51a-0020e07d8962}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL auupbkcih.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9750c9e-0e06-11dc-ab7d-0020e07d8962}]
\Shell\Auto\command - F:\ytgdeexuh.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL ytgdeexuh.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62bb7e0-d78d-11db-ab2c-0020e07d8962}]
\Shell\Auto\command - J:\qouuosmyx.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qouuosmyx.exe

.
Contenuto della cartella 'Scheduled Tasks'
"2008-05-27 07:00:00 C:\WINDOWS\Tasks\LTKRN80N.job"
- C:\Scaricamenti\ltkrn80n\LTKRN80N.DLL
"2008-04-28 08:44:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-01 08:44:57 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-05 19:44:02
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-05 19.45.06
ComboFix-quarantined-files.txt 2008-06-05 17:45:02
ComboFix2.txt 2008-02-09 17:57:42

29 Directory 217,600,000 byte disponibili
31 Directory 212,881,408 byte disponibili

213 --- E O F --- 2008-06-03 10:45:38

hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:52, on 05/06/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Programmi\RogueRemover PRO\RogueRemoverPRO.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\gcocola\Impostazioni locali\Temporary Internet Files\Content.IE5\KQE95C6N\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finanzaefuturo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RogueMonitor] D:\Programmi\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206616255_9e8ac2e89ddbaca0fb1f6499acd06bd3&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5226/mcfscan.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe

--
End of file - 8184 bytes
jepix
Mortale adepto

Registered: 09/02/08 13:29
Posts: 34

Posted: 05 Jun 2008 20:44    Subject:

I ran the scan with VirIT and it gave me this result:

VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
05/06/2008 - 20:11:04

[SCANSIONE DEL REGISTRO]
OK

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK

C:\Documents and Settings\gcocola\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\explorer.lnk Infetto da Trojan.Win32.Agent.SP
* * * RIMOSSO * * *
C:\Documents and Settings\gcocola\Dati applicazioni\Microsoft\Internet Explorer\Quick Launch\exsplorer.lnk Infetto da Trojan.Win32.Agent.SP
* * * RIMOSSO * * *

Chiavi Registro infette: 0.
Files Infetti: 2.
Files Sospetti: 0.
Files Analizzati: 45630.
Files Totali: 45630.
Chiavi Registro rimosse: 0.
Virus Rimossi: 2.

Now what should I do?

thanks
Sante62
Dio maturo

Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 05 Jun 2008 22:09    Subject:

Create a text file with the following instructions:
Quote:
File::
C:\WINDOWS\Tasks\LTKRN80N.job
C:\Scaricamenti\ltkrn80n\LTKRN80N.DLL
C:\keygen

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0bdda14d-3130-11dc-aba5-0020e07d8962}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{490c1194-28a6-11dd-b51a-0020e07d8962}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d9750c9e-0e06-11dc-ab7d-0020e07d8962}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f62bb7e0-d78d-11db-ab2c-0020e07d8962}]

Save the file on the desktop with the name CFScript.txt and drag it onto the ComboFix icon, as shown below:

Wait patiently until it finishes, without touching the keyboard, mouse or anything else. ;)
Post the updated ComboFix and HijackThis logs
jepix
Mortale adepto

Registered: 09/02/08 13:29
Posts: 34

Posted: 06 Jun 2008 18:42    Subject:

hi sante, here are the ComboFix and HijackThis logs:

ComboFix 08-06-03.4 - gcocola 2008-06-06 18.34.34.4 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.193 [GMT 2:00]
Eseguito da: D:\Programmi per virus\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\gcocola\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\keygen
C:\Scaricamenti\ltkrn80n\LTKRN80N.DLL
C:\WINDOWS\Tasks\LTKRN80N.job
.

((((((((((((((((((((((((((((((((((((( Altre eliminazioni )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\setup.ini
C:\WINDOWS\Tasks\LTKRN80N.job

.
((((((((((((((((((((((((( Files Creati Da 2008-05-06 al 2008-06-06 )))))))))))))))))))))))))))))))))))
.

2008-06-06 17:55 . 2008-06-06 17:55 <DIR> d-------- C:\Programmi\Uniblue
2008-06-05 20:01 . 2008-03-17 19:23 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-06-05 18:04 . 2008-06-05 18:04 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab Setup Files
2008-06-05 12:32 . 2008-06-05 12:32 <DIR> d-------- C:\Programmi\ZyXEL ADSL Modem
2008-06-05 12:32 . 2006-05-10 05:17 417,792 -ra------ C:\WINDOWS\system32\stmcfg32.dll
2008-06-05 12:32 . 2006-05-10 05:17 155,648 -ra------ C:\WINDOWS\system32\stmctrl.dll
2008-06-05 12:32 . 2008-06-06 10:52 6,478 --a------ C:\WINDOWS\stsetup.htm
2008-06-04 19:46 . 2008-06-04 19:46 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-27 17:02 . 2008-05-27 17:02 <DIR> d-------- C:\Programmi\File comuni\PCSuite
2008-05-23 13:03 . 2008-06-05 18:08 1,312 --a------ C:\WINDOWS\mgutil_reg.ini
2008-05-23 12:58 . 2008-05-23 12:58 40 --a------ C:\WINDOWS\mgutil_win.ini
2008-05-21 18:23 . 2008-05-21 18:27 <DIR> d-------- C:\keygen
2008-05-20 17:32 . 2008-05-20 17:35 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\PC Suite
2008-05-20 17:31 . 2008-05-20 17:31 <DIR> d-------- C:\Programmi\DIFX
2008-05-20 17:28 . 2008-05-20 17:28 <DIR> d-------- C:\Programmi\PC Connectivity Solution
2008-05-20 17:10 . 2008-05-20 17:10 19 --a------ C:\WINDOWS\SoundConverter.INI
2008-05-20 17:05 . 2005-05-27 15:13 128,295 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2008-05-20 17:05 . 2007-02-22 10:15 65,536 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2008-05-20 17:05 . 2005-05-27 15:13 53,050 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2008-05-20 17:05 . 2007-02-22 10:15 12,288 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2008-05-20 17:05 . 2005-05-27 15:13 11,001 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2008-05-20 17:05 . 2005-05-27 15:13 7,288 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2008-05-20 16:59 . 2008-05-21 09:41 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Installations
2008-05-07 11:06 . 2008-05-07 11:06 <DIR> d-------- C:\Programmi\MSXML 6.0
2008-05-06 16:07 . 2008-05-06 16:07 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-05-06 16:05 . 2008-05-06 16:05 <DIR> d-------- C:\Programmi\Reference Assemblies
2008-05-06 16:02 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-06-06 16:36 268,832 --sha-w C:\WINDOWS\system32\drivers\fidbox2.dat
2008-06-06 16:36 15,337,760 --sha-w C:\WINDOWS\system32\drivers\fidbox.dat
2008-06-06 16:06 28,172 --sha-w C:\WINDOWS\system32\drivers\fidbox2.idx
2008-06-06 16:06 209,336 --sha-w C:\WINDOWS\system32\drivers\fidbox.idx
2008-06-05 16:26 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Kaspersky Lab
2008-05-27 15:05 --------- d--h--w C:\Programmi\InstallShield Installation Information
2008-05-27 15:02 --------- d-----w C:\Programmi\File comuni\Nokia
2008-05-24 10:16 --------- d-----w C:\Programmi\Java
2008-05-23 11:03 --------- d-----w C:\Programmi\ViewCRD
2008-05-23 10:45 --------- d-----w C:\Programmi\Windows Live Safety Center
2008-05-21 14:45 --------- d-----w C:\Documents and Settings\gcocola\Dati applicazioni\AdobeUM
2008-05-20 18:39 --------- d-----w C:\Documents and Settings\gcocola\Dati applicazioni\PC Suite
2008-05-20 15:46 --------- d-----w C:\Documents and Settings\gcocola\Dati applicazioni\Nokia
2008-05-15 07:54 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\Microsoft Help
2008-05-06 14:12 --------- d-----w C:\Programmi\MSBuild
2008-05-05 14:37 --------- d-----w C:\Programmi\SplitCam
2008-04-19 14:25 21,840 -c--atw C:\WINDOWS\system32\SIntfNT.dll
2008-04-19 14:25 17,212 -c--atw C:\WINDOWS\system32\SIntf32.dll
2008-04-19 14:25 12,067 -c--atw C:\WINDOWS\system32\SIntf16.dll
2008-04-08 13:22 --------- d-----w C:\Programmi\ModelliFiscali
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 ----a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 ----a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 ----a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 ----a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 ----a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 ----a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-12 09:35 216,064 -c--a-w C:\WINDOWS\iun3405.exe
2008-02-08 15:59 38 -c--a-w C:\Documents and Settings\gcocola\dell.bat
2003-04-22 19:02 135,168 ----a-w C:\Programmi\AVIPreview.exe
1999-07-11 18:28 276,992 -c--a-w C:\Programmi\MpgJoin.exe
.

((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-19 16:39 15360]
"RogueMonitor"="D:\Programmi\RogueRemover PRO\RogueRemoverPRO.exe" [2007-07-17 05:06 503808]
"Uniblue RegistryBooster 2"="C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-06-05 12:30 1923352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdslTaskBar"="stmctrl.dll" [2006-05-10 05:17 155648 C:\WINDOWS\system32\stmctrl.dll]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
QConGina.dll 2004-08-18 04:30 258048 C:\WINDOWS\system32\QConGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP54"= SP5X_32.DLL
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.l3codec"= l3codecp.acm
"vidc.sccd"= D:\PROGRA~2\LUMINO~1\SoftCam1.5\Driver\SCCodec.dll
"MSVideo7"= D:\PROGRA~2\LUMINO~1\SoftCam1.5\Driver\SCVid32.dll
"VIDC.ZDSV"= scrvid.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^BlueSoleil.lnk]
backup=C:\WINDOWS\pss\BlueSoleil.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^Tasto di scelta rapida per l'avvio di AutoCAD.lnk]
path=C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\Tasto di scelta rapida per l'avvio di AutoCAD.lnk
backup=C:\WINDOWS\pss\Tasto di scelta rapida per l'avvio di AutoCAD.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdslTaskBar]
-ra------ 2006-05-10 05:17 155648 C:\WINDOWS\system32\stmctrl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2005-09-08 12:06 94208 C:\Programmi\File comuni\Ahead\lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DataLayer]
--a------ 2005-06-07 11:31 819712 C:\Programmi\File comuni\PCSuite\DataLayer\DataLayer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
--a------ 2004-09-02 02:05 127035 C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2003-12-25 12:04 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\kav]
--a------ 2008-06-04 18:51 139367 D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
--a------ 2005-06-29 15:29 176128 D:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
--a------ 2005-06-24 14:08 860160 D:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 02:05 53248 C:\WINDOWS\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKMAPHELPER]
--a------ 2004-02-04 19:39 897024 C:\Programmi\ThinkPad\Utilities\TpKmapAp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SynTPEnh"=C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
"QCWLICON"=C:\Programmi\ThinkPad\ConnectUtilities\QCWLICON.EXE
"AdslTaskBar"=rundll32.exe stmctrl.dll,TaskBar

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"D:\\Programmi\\Ares\\Ares.exe"=
"D:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Programmi\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Programmi\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Programmi\\Windows Media Player\\wmplayer.exe"=
"D:\\Programmi\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\English\\setup.exe"=
"C:\\Documents and Settings\\All Users\\Dati applicazioni\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 7.0.1.325\\Italian\\setup.exe"=

R0 mcctl;mcctl;C:\WINDOWS\system32\drivers\mcctl.sys [2007-12-06 00:34]
R0 St323dk;St323dk;C:\WINDOWS\system32\drivers\St323dk.sys [2002-10-13 20:24]
R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-03-17 19:23]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2004-08-18 04:30]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\system32\drivers\IBMBLDID.SYS [2004-08-18 04:30]
R1 scrcap;scrcap;C:\WINDOWS\system32\DRIVERS\scrcap.sys [2006-12-27 16:47]
R2 Vcs;Vcs support;C:\WINDOWS\system32\Drivers\Vcs.sys [2004-11-14 07:01]
R2 viritsvclite;Virit eXplorer Lite;D:\VEXPLITE\viritsvc.exe [2008-06-05 20:02]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2006-09-27 00:21]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2003-08-12 06:51]
S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys []
S2 Ca504bv;Icatch(VII) Video Camera Device;C:\WINDOWS\system32\Drivers\Ca504bv.sys [2002-10-21 12:37]
S2 gafwload;GlobeSpan USB ADSL Loader;C:\WINDOWS\system32\DRIVERS\gafwload.sys []
S2 ipx;TCP-IP Service;C:\WINDOWS\system32\wbem\ipxserv.exe []
S3 mcdevice;mcdevice;C:\WINDOWS\system32\DRIVERS\mcdevice.sys [2007-12-06 00:45]
S3 NwlnkFlt;Driver filtro traffico IPX;C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys [2002-09-10 14:00]
S3 NwlnkFwd;Driver inoltratore traffico IPX;C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys [2002-09-10 14:00]
S3 QCNDISIF;QCNDISIF;C:\WINDOWS\system32\drivers\qcndisif.SYS [2004-08-18 04:30]
S3 TaurusUsb;ADSL Modem USB Service;C:\WINDOWS\system32\DRIVERS\torususb.sys [2006-04-13 08:55]
S3 USBCamera;Icatch(VII) Still Camera Device;C:\WINDOWS\system32\Drivers\Bulk504B.sys [2002-07-25 12:19]
S4 Boonty Games;Boonty Games;"C:\Programmi\File comuni\BOONTY Shared\Service\Boonty.exe" [2006-09-14 16:35]

.
Contenuto della cartella 'Scheduled Tasks'
"2008-04-28 08:44:00 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC Nag.job"
- D:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2007-10-01 08:44:57 C:\WINDOWS\Tasks\Uniblue SpeedUpMyPC.job"
- D:\Programmi\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-06-06 18:36:27
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-06-06 18.37.50
ComboFix-quarantined-files.txt 2008-06-06 16:37:31
ComboFix2.txt 2008-06-05 17:45:07
ComboFix3.txt 2008-02-09 17:57:42

29 Directory 189,820,928 byte disponibili
31 Directory 182,767,616 byte disponibili

213 --- E O F --- 2008-06-03 10:45:38



hijackthis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39, on 06/06/08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe
D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
D:\VEXPLITE\viritsvc.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Programmi\internet explorer\iexplore.exe
C:\Documents and Settings\gcocola\Impostazioni locali\Temporary Internet Files\Content.IE5\9B294VQ2\HiJackThis[1].exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.finanzaefuturo.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: (no name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Guida per l'accesso a Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RogueMonitor] D:\Programmi\RogueRemover PRO\RogueRemoverPRO.exe /monitor
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Programmi\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Programmi\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9563.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab?AuthParam=1206616255_9e8ac2e89ddbaca0fb1f6499acd06bd3&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD39/JSCDL/jdk/6u5b/jinstall-6u5-windows-i586-jc.cab&File=jinstall-6u5-windows-i586-jc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5226/mcfscan.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.17.192.49,212.17.192.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.17.192.49,212.17.192.214
O17 - HKLM\System\CS2\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.17.192.49,212.17.192.214
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Programmi\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Programmi\File comuni\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: Virit eXplorer Lite (viritsvclite) - TG Soft Sas www.tgsoft.it - D:\VEXPLITE\viritsvc.exe

--
End of file - 8771 bytes

Thanks a lot for the help.

Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 06 Jun 2008 19:14

OK, check whether you recognise this service from the HJT log:
Quote:
O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)

If you don't recognise it, start HijackThis, select it and click Fix Checked;

Then run a scan with Systemscan and post the generated log as
explained here
jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 06 Jun 2008 19:51
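Added example, not code from this thread: a small Python triage script for HijackThis O23 (service) and O17 (NameServer) lines of the kind shown in the log above, from a defender's side. It assumes the line format seen in that log; the function names `triage_services` and `check_dns` are mine, the sample lines are copied from the thread except for one constructed O17 line with a documentation-range address, and the expected-resolver set is an assumption.

```python
import re

# Matches the HijackThis O23 line format seen in the log above:
# O23 - Service: <display> [(<short>)] - <owner> - <path> [(file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))? - "
    r"(?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")

def triage_services(lines):
    """Score O23 entries; returns (name, score, reasons), highest score first."""
    findings = []
    for line in lines:
        m = O23_RE.match(line.strip())
        if not m:
            continue
        score, reasons = 0, []
        if m["owner"].lower() == "unknown owner":
            score, reasons = score + 1, reasons + ["no publisher info in the binary"]
        if m["missing"]:
            score, reasons = score + 2, reasons + ["service binary is not on disk"]
        if score:
            findings.append((m["short"] or m["display"], score, reasons))
    return sorted(findings, key=lambda f: -f[1])

def check_dns(lines, expected):
    """Resolver IPs from O17 lines that are not in the expected set."""
    unexpected = set()
    for line in lines:
        m = O17_RE.match(line.strip())
        if m:
            unexpected |= set(m["servers"].split(",")) - set(expected)
    return sorted(unexpected)

# Sample lines copied from the log in this thread, plus one constructed O17
# line (all-zero GUID, documentation-range address) to show an unexpected resolver.
SAMPLE = r"""
O17 - HKLM\System\CCS\Services\Tcpip\..\{08021F56-D061-4E42-A2DF-1BA7123FD511}: NameServer = 212.17.192.49,212.17.192.214
O17 - HKLM\System\CS1\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - D:\Programmi\Kaspersky Lab\Kaspersky Anti-Virus 6.0\avp.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Programmi\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: TCP-IP Service (ipx) - Unknown owner - C:\WINDOWS\system32\wbem\ipxserv.exe (file missing)
O23 - Service: QCONSVC - IBM Corp. - C:\WINDOWS\System32\QCONSVC.EXE
""".strip().splitlines()
EXPECTED_DNS = {"212.17.192.49", "212.17.192.214"}  # assumption: the ISP's resolvers
```

The "file missing" entry scores highest because a registered service whose binary is gone is exactly what a half-removed infection looks like; an "Unknown owner" alone only means the executable carries no version info.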

Here is the Systemscan log:

[URL="http://www.freefilehosting.net/download/3i54c"]report systemscan_1212774606609.txt[/URL]


Thanks

Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 06 Jun 2008 20:02

OK, there seems to be nothing dangerous;

now go to Kaspersky Online Scanner and run the extended scan of the PC
jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 07 Jun 2008 17:21

Hi Sante... when I try to start Kaspersky online it gives me this message:

"Update process FAILED. No further antivirus actions can be performed!
Attention, you must be online to activate Kaspersky online scanner, since the latest anti-virus bases version must be downloaded prior to scan. Otherwise we cannot garantee detenction of latest viruses (21)"

It seems it doesn't see that I'm connected... in fact my problem is that I can only connect through the router and the system doesn't see the modem... also it won't let me create new network connections (it won't let me select the connection via remote modem!!!)

Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 07 Jun 2008 18:49

Try this:
Download the file Sistema DanniBagle.zip and unzip it.
Inside you will find 2 folders with 2 files to add to the registry.

jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 07 Jun 2008 19:01

Sorry Sante, but there's only a wmv file in there

jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 07 Jun 2008 19:06

Where do I find the file sistema dannibagle.zip?

Thanks Sante

Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 07 Jun 2008 19:27

Hold on, there may be an error in the link....

jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 07 Jun 2008 19:43

Isn't there some other site to download them from?

Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 07 Jun 2008 19:56

I don't think so. Anyway I've asked bdoriano, let's wait...

jepix
Mortale adepto
Registered: 09/02/08 13:29
Posts: 34

Posted: 07 Jun 2008 20:08

OK, thanks

Sante62
Dio maturo
Registered: 27/06/07 17:55
Posts: 3477
Location: Floridia

Posted: 08 Jun 2008 17:24

Try downloading it from here
Go to page 1, 2 Next
Page 1 of 2