Olimpo Informatico forum index
The Zeus News Forums
C:\windows\temp.... where does it come from?
Forum: Pronto Soccorso Virus
Paolo77 (Mortale pio; registered 16/09/06 16:15; posts: 17; location: Verbania)

Posted: 25 Aug 2008 17:02    Subject: C:\windows\temp.... where does it come from?

Good morning everyone, I have a question for you, probably a bit silly, but one that, given my poor computer skills, is causing me some trouble.

For some time now avast has been detecting a virus classified as generic malware in the C:\windows\temp folder.
The file is generated every day at 10 in the morning and is detected 2 hours later; AVG does not detect it, and I have already run several scans with avast as well and cleaned the HD with SUPERAntiSpyware, but the problem comes back every day. What causes it, and how do I eradicate the virus that I assume generates it?

Thanks
bdoriano (Amministratore; registered 02/04/07 12:05; posts: 14391; location: 3rd planet of the solar system...)

Posted: 25 Aug 2008 22:01

Hi Paolo77,

Let's do the routine checks:
  • Clean the temporary files with ATF-Cleaner and/or CCleaner
  • Follow the instructions in this topic to use MBAM.
  • Follow the instructions in this topic to run ComboFix.
  • Follow the instructions in this topic to post the HijackThis log.
  • Report back with a new message in this thread on the outcome: whether there were any particular problems, etc. etc. And post:
    • Upload the MBAM log to WikiSend and post the Forum Link you are given.
    • Upload the ComboFix log to WikiSend and post the Forum Link you are given.
    • Upload the HijackThis log to WikiSend and post the Forum Link you are given.
Paolo77 (Mortale pio; registered 16/09/06 16:15; posts: 17; location: Verbania)

Posted: 28 Aug 2008 10:01

Fantastic, I followed your instructions step by step and thanks to MBAM I found 4 infected files; below I'm posting the log for completeness. Thanks for your valuable help.

P.S.
After the cleanup the system is lightning fast again; in fact it had been slow for so long that I had gotten used to it.......


Malwarebytes' Anti-Malware 1.25
Database version: 1089
Windows 5.1.2600 Service Pack 3

17.11.13 27/08/2008
mbam-log-08-27-2008 (17-11-13).txt

Scan type: Quick Scan
Objects scanned: 51807
Time elapsed: 7 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\urlsearchhook.toolbarurlsearchhook.1 (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{4509d3cc-b642-4745-b030-645b79522c6d} (Adware.SoftMate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\tbhelper.dll (Adware.SoftMate) -> Quarantined and deleted successfully.
Riverside (banned indefinitely; registered 29/02/08 22:32; posts: 4396; location: Riverside House)

Posted: 28 Aug 2008 10:06

I'd say you should also publish, at the very least, the HijackThis log (as bdoriano had already asked you in his reply).
Bye.
Paolo77 (Mortale pio; registered 16/09/06 16:15; posts: 17; location: Verbania)

Posted: 28 Aug 2008 11:42

Yes sir!


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11.39.52, on 28/08/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Programmi\Alwil Software\Avast4\aswUpdSv.exe
C:\Programmi\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\crypserv.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Programmi\Alwil Software\Avast4\ashMaiSv.exe
C:\Programmi\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Programmi\Lexmark X74-X75\lxbbbmgr.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programmi\Lexmark X74-X75\lxbbbmon.exe
C:\Programmi\Logitech\Video\LogiTray.exe
C:\Programmi\Iomega\DriveIcons\ImgIcon.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Programmi\Eicon\Diva\DiTask.exe
C:\Programmi\Eicon\Diva\Divamon.exe
C:\Programmi\Eicon\Diva\watch.exe
C:\Programmi\Eicon\Diva\cgserver.exe
C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Programmi\QuickTime\qttask.exe
C:\Programmi\Eicon\Diva\diinfo.exe
C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Programmi\TomTom HOME\TomTomHOME.exe
C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\domino.exe
C:\WINDOWS\VMSnap1.exe
C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe
C:\Programmi\Spamihilator\spamihilator.exe
C:\Programmi\Logitech\Video\FxSvr2.exe
C:\Programmi\File comuni\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Messenger\msmsgs.exe
C:\Programmi\Iomega\AutoDisk\AD2KClient.exe
C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Programmi\Iomega\Automatic Backup Pro\LiveSystem.exe
C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe
C:\Programmi\Nikon\NkView6\NkvMon.exe
C:\Programmi\WinZip\WZQKPICK.EXE
C:\Programmi\Microsoft Office\Office10\msoffice.exe
C:\HiJ\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\Paolo\Yeti\unzip\IEButtonYetiSportsEBayInterface.dll (file missing)
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Programmi\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programmi\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: TBSB00160 - {B629A5B8-6C0D-4BC3-86AA-F9A289719E9F} - C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programmi\google\googletoolbar3.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programmi\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: PagineGialle VisualToolbar - {382BE5E1-D321-42ED-8820-CBAF85280AFB} - C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Programmi\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Programmi\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Programmi\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Iomega Startup Options] C:\Programmi\Iomega\Common\ImgStart.exe
O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Programmi\Iomega\DriveIcons\ImgIcon.exe
bdoriano (Amministratore; registered 02/04/07 12:05; posts: 14391; location: 3rd planet of the solar system...)

Posted: 28 Aug 2008 12:24

The HijackThis log is incomplete.

Can you also post the ComboFix one?
Paolo77 (Mortale pio; registered 16/09/06 16:15; posts: 17; location: Verbania)

Posted: 28 Aug 2008 15:02

Certainly:

ComboFix 08-08-26.03 - Io 2008-08-27 17.32.57.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1040.18.158 [GMT 2:00]
Run from: C:\Scaricamenti\Combo-Fix.exe
* Created a new restore point

WARNING - THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Io\Dati applicazioni\macromedia\Flash Player\#SharedObjects\2LPTT7U4\bin.clearspring.com
C:\Documents and Settings\Io\Dati applicazioni\macromedia\Flash Player\#SharedObjects\2LPTT7U4\bin.clearspring.com\clearspring.sol
C:\Documents and Settings\Io\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com
C:\Documents and Settings\Io\Dati applicazioni\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#bin.clearspring.com\settings.sol
C:\Documents and Settings\Io\Impostazioni locali\Temporary Internet Files\sc
C:\Documents and Settings\Io\Impostazioni locali\Temporary Internet Files\sc\script0.html
C:\Documents and Settings\Io\Impostazioni locali\Temporary Internet Files\sc\script1.html
C:\WINDOWS\Downloaded Program Files\setup.inf

.
((((((((((((((((((((((((( Files Created from 2008-07-27 to 2008-08-27 )))))))))))))))))))))))))))))))))))
.

2008-08-27 17:00 . 2008-08-27 17:00 <DIR> d-------- C:\Programmi\Malwarebytes' Anti-Malware
2008-08-27 17:00 . 2008-08-27 17:00 <DIR> d-------- C:\Documents and Settings\Io\Dati applicazioni\Malwarebytes
2008-08-27 17:00 . 2008-08-27 17:00 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Malwarebytes
2008-08-27 17:00 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-27 17:00 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-23 15:18 . 2008-08-23 15:18 <DIR> d-------- C:\Programmi\SUPERAntiSpyware
2008-08-23 15:18 . 2008-08-23 15:18 <DIR> d-------- C:\Documents and Settings\Io\Dati applicazioni\SUPERAntiSpyware.com
2008-08-23 15:18 . 2008-08-23 15:18 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\SUPERAntiSpyware.com
2008-08-21 10:37 . 2008-08-27 16:45 752 --a------ C:\WINDOWS\ITALIA~2.INI
2008-08-21 10:37 . 2008-08-27 16:45 188 --a------ C:\WINDOWS\TNxedit.INI
2008-08-21 10:36 . 2008-08-21 10:36 <DIR> d-------- C:\Programmi\PCN
2008-08-20 15:23 . 2008-08-20 15:23 <DIR> d-------- C:\WINDOWS\system32\it
2008-08-20 15:23 . 2008-08-20 15:23 <DIR> d-------- C:\WINDOWS\l2schemas
2008-08-20 08:34 . 2008-04-11 21:04 691,712 -----c--- C:\WINDOWS\system32\dllcache\inetcomm.dll
2008-08-19 10:53 . 2008-08-19 10:53 <DIR> d-------- C:\Documents and Settings\Io\Dati applicazioni\GARMIN
2008-08-07 14:42 . 2008-08-07 14:42 <DIR> d-------- C:\Programmi\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-27 13:49 --------- d-----w C:\Documents and Settings\Io\Dati applicazioni\Spamihilator
2008-08-27 12:50 --------- d-----w C:\Documents and Settings\All Users\Dati applicazioni\avg7
2008-08-27 06:23 --------- d-----w C:\Documents and Settings\Io\Dati applicazioni\AVG7
2008-08-23 13:17 --------- d-----w C:\Programmi\File comuni\Wise Installation Wizard
2008-08-20 12:02 --------- d-----w C:\Programmi\Microsoft Silverlight
2008-08-08 15:03 --------- d-----w C:\Programmi\Google
2008-08-08 09:26 --------- d-----w C:\Documents and Settings\Io\Dati applicazioni\Swiss Map
2008-08-07 12:59 --------- d-----w C:\Programmi\CTR_RAST
2008-08-07 12:42 --------- d-----w C:\Programmi\Java
2008-07-31 12:57 --------- d-----w C:\Documents and Settings\Io\Dati applicazioni\Canon
2008-07-19 14:38 --------- d-----w C:\Documents and Settings\Io\Dati applicazioni\Juniper Networks
2008-07-19 13:56 --------- d-----w C:\Programmi\Juniper Networks
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-07 20:27 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 15:20 --------- d-----w C:\Programmi\Real
2008-07-02 15:27 --------- d-----w C:\Programmi\Swiss Map
2008-07-02 08:06 --------- d-----w C:\Programmi\xtras
2008-07-02 08:05 28 ----a-w C:\Programmi\Swiss Map.ini
2008-07-02 08:05 2,645,514 ----a-w C:\Programmi\Swiss Map.exe
2008-07-02 08:05 --------- d-----w C:\Programmi\help
2008-07-02 08:03 --------- d-----w C:\Programmi\bin
2008-07-02 08:02 --------- d-----w C:\Programmi\data
2008-07-02 06:23 --------- d-----w C:\Programmi\Elaborate Bytes
2008-07-02 06:22 --------- d-----w C:\Programmi\File comuni\Ahead
2008-06-27 08:02 --------- d-----w C:\Documents and Settings\Io\Dati applicazioni\Ahead
2008-06-24 16:42 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:15 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 247,296 ----a-w C:\WINDOWS\system32\mswsock.dll
2007-10-26 07:05 76,320 ----a-w C:\Documents and Settings\Io\Dati applicazioni\GDIPFONTCACHEV1.DAT
2006-12-30 09:21 2,434,406 ----a-w C:\Programmi\cdex_170b2_enu.exe
2006-12-05 16:21 92,064 ----a-w C:\Documents and Settings\Io\mqdmmdm.sys
2006-12-05 16:21 9,232 ----a-w C:\Documents and Settings\Io\mqdmmdfl.sys
2006-12-05 16:21 79,328 ----a-w C:\Documents and Settings\Io\mqdmserd.sys
2006-12-05 16:21 66,656 ----a-w C:\Documents and Settings\Io\mqdmbus.sys
2006-12-05 16:21 6,208 ----a-w C:\Documents and Settings\Io\mqdmcmnt.sys
2006-12-05 16:21 5,936 ----a-w C:\Documents and Settings\Io\mqdmwhnt.sys
2006-12-05 16:21 4,048 ----a-w C:\Documents and Settings\Io\mqdmcr.sys
2006-12-05 16:21 25,600 ----a-w C:\Documents and Settings\Io\usbsermptxp.sys
2006-12-05 16:21 22,768 ----a-w C:\Documents and Settings\Io\usbsermpt.sys
2006-11-25 14:20 25,823,280 ----a-w C:\Programmi\wmp11-windowsxp-x86-it-it.exe
2006-11-25 09:01 6,062,768 ----a-w C:\Programmi\FirefoxGoogleToolbarSetup.exe
2006-11-16 07:54 14,776,112 ----a-w C:\Programmi\IE7-WindowsXP-x86-ita.exe
2006-10-21 14:44 15,520,048 ----a-w C:\Programmi\IE7-WindowsXP-x86-enu.exe
2006-09-26 09:53 4,422,671 ----a-w C:\Programmi\103_MADSLU_Driver.zip
2006-05-11 09:03 24,265,736 ----a-w C:\Programmi\dotnetfx.exe
2006-05-11 08:59 12,499,656 ----a-w C:\Programmi\6-4_xp-2k_dd_31959.exe
2006-05-11 08:57 19,373,312 ----a-w C:\Programmi\6-4_ccc_it_31959.exe
2006-05-02 08:56 11,817,800 ----a-w C:\Programmi\GoogleEarth.exe
2005-10-31 14:07 20 ---h--w C:\Documents and Settings\All Users\Dati applicazioni\PKP_DLea.DAT
2003-02-21 16:52 2,394,179 ----a-w C:\Documents and Settings\Io\TisPrintEngine_V3_50.exe
2000-12-12 09:17 100,432 -c--a-w C:\Programmi\Win2000PPAHotfix.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate/default entries are not shown.
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B629A5B8-6C0D-4BC3-86AA-F9A289719E9F}]
2007-10-18 15:51 2265088 --a------ C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{382BE5E1-D321-42ED-8820-CBAF85280AFB}"= "C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll" [2007-10-18 15:51 2265088]

[HKEY_CLASSES_ROOT\clsid\{382be5e1-d321-42ed-8820-cbaf85280afb}]
[HKEY_CLASSES_ROOT\TBSB00160.TBSB00160.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00160.TBSB00160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{382BE5E1-D321-42ED-8820-CBAF85280AFB}"= "C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll" [2007-10-18 15:51 2265088]

[HKEY_CLASSES_ROOT\clsid\{382be5e1-d321-42ed-8820-cbaf85280afb}]
[HKEY_CLASSES_ROOT\TBSB00160.TBSB00160.3]
[HKEY_CLASSES_ROOT\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}]
[HKEY_CLASSES_ROOT\TBSB00160.TBSB00160]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 04:14 15360]
"MSMSGS"="C:\Programmi\Messenger\msmsgs.exe" [2008-04-14 04:14 1695232]
"Iomega Active Disk"="C:\Programmi\Iomega\AutoDisk\AD2KClient.exe" [2001-09-13 11:35 45056]
"LDM"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-02-15 17:15 67128]
"Iomega Automatic Backup Pro"="C:\Programmi\Iomega\Automatic Backup Pro\LiveSystem.exe" [2005-07-01 11:12 18968576]
"SUPERAntiSpyware"="C:\Programmi\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-08-19 23:34 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdaptecDirectCD"="C:\Programmi\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2002-05-20 14:58 679936]
"Lexmark X74-X75"="C:\Programmi\Lexmark X74-X75\lxbbbmgr.exe" [2002-07-31 11:54 57344]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 12:52 221184]
"LogitechVideoRepair"="C:\Programmi\Logitech\Video\ISStart.exe" [2005-01-18 18:47 458752]
"LogitechVideoTray"="C:\Programmi\Logitech\Video\LogiTray.exe" [2005-01-18 18:37 217088]
"Iomega Startup Options"="C:\Programmi\Iomega\Common\ImgStart.exe" [2001-01-17 18:33 45056]
"Iomega Drive Icons"="C:\Programmi\Iomega\DriveIcons\ImgIcon.exe" [2001-09-12 12:35 61440]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2008-04-16 09:58 579584]
"ATIPTA"="C:\Programmi\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2002-08-14 17:29 290816]
"ATICCC"="C:\Programmi\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-05-10 11:12 90112]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 16:38 78008]
"DiTask.exe"="C:\Programmi\Eicon\Diva\DiTask.exe" [2002-05-20 14:43 143360]
"Divamon.exe"="C:\Programmi\Eicon\Diva\Divamon.exe" [2002-05-20 14:49 32768]
"Eicon TechnologyLAN_DAEMON"="C:\Programmi\Eicon\Diva\watch.exe" [2002-05-20 14:48 192512]
"CGServer"="C:\Programmi\Eicon\Diva\cgserver.exe" [2002-05-20 14:48 40960]
"PCSuiteTrayApplication"="C:\Programmi\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-11-08 14:27 222208]
"QuickTime Task"="C:\Programmi\QuickTime\qttask.exe" [2007-01-17 17:24 77824]
"SSBkgdUpdate"="C:\Programmi\File comuni\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-09-30 01:14 155648]
"OpwareSE4"="C:\Programmi\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-03-21 14:19 69632]
"TomTomHOME.exe"="C:\Programmi\TomTom HOME\TomTomHOME.exe" [2007-03-14 16:52 3770024]
"ArcSoft Connection Service"="C:\Programmi\File comuni\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2007-07-17 14:05 64000]
"domino"="C:\WINDOWS\domino.exe" [2006-07-04 14:16 49152]
"VMSnap1"="C:\WINDOWS\VMSnap1.exe" [2006-07-17 11:27 49152]
"ScanSoft OmniPage SE 4.0-reminder"="C:\Programmi\ScanSoft\OmniPageSE4.0\Ereg\Ereg.exe" [2005-06-03 16:30 729088]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"Spamihilator"="C:\Programmi\Spamihilator\spamihilator.exe" [2008-04-21 20:00 1081856]
"TkBellExe"="C:\Programmi\File comuni\Real\Update_OB\realsched.exe" [2008-06-19 08:51 185896]
"Tweak UI"="TWEAKUI.CPL" [2000-10-09 18:55 108744 C:\WINDOWS\system32\TWEAKUI.CPL]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2008-04-14 04:14 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-10-25 09:59 219136]
"PcSync"="C:\Programmi\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-11-09 18:15 1634304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SRUUninstall"="C:\WINDOWS\System32\msiexec.exe" [2008-04-14 04:14 78848]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Adobe Gamma Loader.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2003-04-26 15:56:01 113664]
Adobe Gamma.lnk - C:\Programmi\File comuni\Adobe\Calibration\Adobe Gamma Loader.exe [2003-04-26 15:56:01 113664]
Avvio veloce di Adobe Reader.lnk - C:\Programmi\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-02-15 17:15:06 67128]
LUMIX Simple Viewer.lnk - C:\Programmi\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe [2007-09-19 15:33:37 63696]
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
NkvMon.exe.lnk - C:\Programmi\Nikon\NkView6\NkvMon.exe [2003-07-26 16:23:32 237568]
WinZip Quick Pick.lnk - C:\Programmi\WinZip\WZQKPICK.EXE [2006-06-01 09:53:08 122880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Programmi\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Programmi\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Eicon\\Diva\\watch.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\WINDOWS\\system32\\mmc.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG Free\\avgemc.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avginet.exe"=
"C:\\Programmi\\Grisoft\\AVG7\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Programmi\\Nokia\\Nokia Software Updater\\nsu_ui_client.exe"=
"C:\\Programmi\\File comuni\\Nokia\\Service Layer\\A\\nsl_host_process.exe"=
"C:\\Programmi\\Spamihilator\\dccproc.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Programmi\\Juniper Networks\\Secure Application Manager\\dsSamProxy.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 DiMaint;Driver di manutenzione Eicon;C:\WINDOWS\system32\DRIVERS\DISDN\dimaint.sys [2002-01-29 10:26]
R0 IABFilt;Iomega Snapshot Volume Filter;C:\WINDOWS\system32\DRIVERS\IABFilt.sys [2005-07-01 11:15]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 16:35]
R1 NEOFLTR_600_13073;Juniper Networks TDI Filter Driver (NEOFLTR_600_13073);C:\WINDOWS\system32\Drivers\NEOFLTR_600_13073.SYS [2008-04-30 21:54]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 16:37]
R2 DiCapi;Driver Eicon CAPI 2.0;C:\WINDOWS\system32\DRIVERS\DISDN\capi202k.sys [2001-06-12 15:27]
R2 DiPort;Driver della porta Eicon;C:\WINDOWS\system32\DRIVERS\DISDN\diport40.sys [2002-08-02 17:06]
R3 DiWan;Driver Eicon per tutte le scheda Diva Client;C:\WINDOWS\system32\DRIVERS\DISDN\Diwan.sys [2002-08-19 11:56]
R3 Slnt7554;USB Soft Modem Driver;C:\WINDOWS\system32\DRIVERS\slnt7554.sys [2004-08-03 22:41]
R3 tbcspud;Santa Cruz Driver;C:\WINDOWS\system32\drivers\tbcspud.sys [2002-04-03 18:51]
R3 tbcwdm;Santa Cruz WDM Driver;C:\WINDOWS\system32\drivers\tbcwdm.sys [2002-04-03 18:51]
S3 V90drv;v90drv;C:\WINDOWS\system32\DRIVERS\v90drv.sys []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{81671723-73dd-11dc-b2a1-0007e9bd69e9}]
\Shell\AutoRun\command - G:\Setup.exe -auto

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

BHO-{EDB3FE1A-70F4-FC7E-D9C4-33D63D24E5D3} - C:\WINDOWS\ugafx1.dll
HKCU-Run-Iomega Automatic Backup - C:\Programmi\Iomega\Iomega Automatic Backup\ibackup.exe
HKLM-Run-RemoveElanIcon - C:\WINDOWS\system32\ELAN.exe
HKLM-Run-YeppStudioAgent - C:\Programmi\Samsung\SamsungMediaStudio4.1\SamsungMediaStudioAgent.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Io\Dati applicazioni\Mozilla\Firefox\Profiles\cno2b2es.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.virgilio.it/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-27 17:49:15
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Iomega Automatic Backup Pro = "C:\Programmi\Iomega\Automatic Backup Pro\LiveSystem.exe" -s?????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"=""
.
Scan finish time: 2008-08-27 17:57:31
ComboFix-quarantined-files.txt 2008-08-27 15:57:23

Pre-Run: 81,203,699,712 bytes free
Post-Run: 82,807,201,792 bytes free

241 --- E O F --- 2008-08-21 12:02:30
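The thread turns on reading HijackThis output by eye: the admin asks for the log, Riverside chases it, and the reply that follows notes it was cut off before the O4 lines. The script below is an added example, not code from the forum, from HijackThis or from Malwarebytes: it parses the R0/R1/O2/O3/O4 line formats seen in the log above into records and applies a few starting-point triage rules. The rules (an entry whose CLSID matches a supplied indicator, a BHO whose file is missing, an autorun launched from a temp directory, an autorun executable sitting directly in the Windows folder) are assumptions a responder might begin with, not a definition of malicious. The sample log is constructed: most lines are copied from the posted HijackThis log, the "domino" O4 line is rebuilt from the ComboFix Run entry because the HijackThis log was truncated, and the "example-only" line is invented solely to exercise the temp-directory rule. The indicator CLSIDs are those of the PagineGialle toolbar that MBAM quarantined.

```python
"""Triage helper for HijackThis v2 logs (added example; flagging rules are assumptions)."""
import ntpath
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample: lines 1-7 copied from the log posted in the thread, line 8
# rebuilt from the ComboFix "domino" Run value, line 9 invented for the temp rule.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virgilio.alice.it/index.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: metaspinner media GmbH - {12FC9A49-CFE0-49AA-BE9E-8F4EEAFC9443} - C:\Paolo\Yeti\unzip\IEButtonYetiSportsEBayInterface.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: TBSB00160 - {B629A5B8-6C0D-4BC3-86AA-F9A289719E9F} - C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll
O3 - Toolbar: PagineGialle VisualToolbar - {382BE5E1-D321-42ED-8820-CBAF85280AFB} - C:\Programmi\PagineGialle Visual Toolbar\PagineGialle VisualToolbar\visual.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [domino] C:\WINDOWS\domino.exe
O4 - HKCU\..\Run: [example-only] C:\WINDOWS\Temp\example-only.exe
"""

# Example indicators: CLSIDs of the toolbar MBAM quarantined in the thread.
EXAMPLE_IOCS = {"{B629A5B8-6C0D-4BC3-86AA-F9A289719E9F}", "{382BE5E1-D321-42ED-8820-CBAF85280AFB}"}

_O2_O3 = re.compile(r"^(?P<kind>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - "
                    r"\{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.*)$")
_O4 = re.compile(r"^O4 - (?P<hive>.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
_R = re.compile(r"^(?P<kind>R[0-3]) - (?P<key>[^,]+),(?P<value>[^=]*?) = (?P<data>.*)$")
_QUOTED = re.compile(r'^"([^"]+)"')
_BARE = re.compile(r"^(.*?\.(?:exe|dll|cpl|scr))(?=\s|$)", re.IGNORECASE)


@dataclass
class Entry:
    kind: str                 # R0, R1, O2, O3 or O4
    name: str                 # BHO/toolbar name, Run value name, or IE setting name
    clsid: Optional[str]      # upper-case GUID without braces (O2/O3 only)
    path: str                 # module/executable path, or the IE setting's data
    file_missing: bool = False
    hive: str = ""            # HKLM/HKCU/... for O4 lines


@dataclass
class Finding:
    reason: str
    entry: Entry


def _split_missing(s: str):
    """Strip HijackThis' '(file missing)' suffix and report whether it was there."""
    marker = "(file missing)"
    if s.endswith(marker):
        return s[: -len(marker)].rstrip(), True
    return s, False


def _exe_from_command(cmd: str) -> str:
    """Pull the program path out of a Run command, quoted or bare with arguments."""
    m = _QUOTED.match(cmd) or _BARE.match(cmd)
    return m.group(1) if m else cmd


def parse_hjt(text: str) -> List[Entry]:
    """Turn R0/R1/O2/O3/O4 lines into Entry records; any other line is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := _O2_O3.match(line):
            path, missing = _split_missing(m.group("path"))
            entries.append(Entry(m.group("kind"), m.group("name"), m.group("clsid").upper(), path, missing))
        elif m := _O4.match(line):
            cmd, missing = _split_missing(m.group("cmd"))
            entries.append(Entry("O4", m.group("name"), None, _exe_from_command(cmd), missing, m.group("hive")))
        elif m := _R.match(line):
            entries.append(Entry(m.group("kind"), m.group("value"), None, m.group("data")))
    return entries


def triage(entries: Iterable[Entry], ioc_clsids: Iterable[str] = ()) -> List[Finding]:
    """Apply the assumed starting rules; one Finding per rule hit, so an entry may appear twice."""
    iocs = {c.strip("{}").upper() for c in ioc_clsids}
    findings: List[Finding] = []
    for e in entries:
        if e.clsid and e.clsid in iocs:
            findings.append(Finding("clsid matches a supplied indicator", e))
        if e.file_missing:
            findings.append(Finding("orphaned entry: registered file no longer exists", e))
        if e.kind == "O4":
            folder = ntpath.normcase(ntpath.dirname(e.path))   # lower-case, backslash form
            if folder.endswith("\\temp") or "\\temp\\" in folder:
                findings.append(Finding("autorun launches from a temp directory", e))
            elif folder in ("c:\\windows", "c:\\winnt"):
                findings.append(Finding("autorun executable sits directly in the Windows folder", e))
    return findings


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG), EXAMPLE_IOCS):
        print(f"{f.entry.kind} [{f.entry.name}] {f.entry.path}: {f.reason}")
```

Feed it a full log with `parse_hjt(open("hijackthis.log").read())` and your own CLSID list; an entry that is flagged only by the "Windows folder" rule (the LVCOMSX line in system32 is deliberately left unflagged) still needs a look at the file itself, since the rule is a location heuristic and nothing more.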