Olimpo Informatico

bdoriano

Probabilmente ha avviato il pc in modalità provvisoria e ha cancellato la cartella in cui si è installato.
Il log di combofix è pulito.

Giusto per sicurezza:

Disabilita il tuo antivirus
Collegati a BitDefender (con IE) e fai la scansione completa.
Collegati a Kaspersky on-line scanner e fai la scansione estesa, come indicato qui.
Salva il risultato della scansione in un file (in formato HTML), carica il file su Freefilehosting e posta qui il link che ti viene assegnato.

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

in modalità provvisoria dal file uninstall l'ha disinstallato dal desktop ma ora ho notato ke aprendo la finestra delle installazioni applicazioni dal pannello di controllo c'è ancora la scritta e cliccando x rimuoverla mi appare lo stesso messaggio di ieri e parla di button ma cmq sul desktop il programma nn c'è +

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

ecco il log di defender:

bitdefender3.html

e quello di kaspersky:

kaspersky41.html

bdoriano

Bitdefender ha eliminato dei virus presenti nel ripristino di sistema e Kaspersky non ha riscontrato altre minacce.

Dovresti essere a posto. Razz

Ovviamente, controlla di aver fatto tutti gli aggiornamenti (Windows, java, antivirus, antispyware, etc...)

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

ti ringrazio ancora x la disponibilità e l'aiuto fornito ma come mai il problema si ripresenta dopo diversi giorni, sebbene visiti sempre gli stessi siti o apra gli stessi programmi? inoltre ora è installato solo anitivir xkè come dicevo nei messaggi precedenti installando + programmi di sicurezza fra antivirus, firewall e spyaware alcuni di loro andavano in conflitto o c'erano programmi ke avevo difficoltà a far usare correttamente e quindi dall'ultima volta della risoluzione del problema ho installato solo antivir.
grazie, ciao

bdoriano

Scusa, mi è sorto un dubbio... Think

Appena puoi, fai questa scansione con FindAWF

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

ecco il log di findawf:

Find AWF report by noahdfear ©2006
Version 1.40

bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\EHOME\BAK

17/08/2005 23.40 64.512 ehtray.exe
1 File 64.512 byte
2 Directory 53.127.364.608 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\BAK

07/09/2004 14.00 15.360 ctfmon.exe
09/07/2001 12.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 53.127.364.608 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

23/09/2004 14.41 860.160 Smax4.exe
14/10/2004 11.11 1.388.544 SMax4PNP.exe
2 File 2.248.704 byte
2 Directory 53.127.360.512 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\LOGITECH\ITOUCH\BAK

01/12/2003 12.38 892.928 iTouch.exe
1 File 892.928 byte
2 Directory 53.127.360.512 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\NOKIA\NOKIAS~1\BAK

07/09/2007 15.44 3.100.672 NSLauncher.exe
1 File 3.100.672 byte
2 Directory 53.127.360.512 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 20.51 39.792 Reader_sl.exe
1 File 39.792 byte
2 Directory 53.127.360.512 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

26/08/2005 19.14 36.975 jusched.exe
1 File 36.975 byte
2 Directory 53.127.360.512 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

07/07/2005 18.41 57.344 apdproxy.exe
1 File 57.344 byte
2 Directory 53.127.360.512 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

21/06/2002 12.28 188.416 hpztsb05.exe
1 File 188.416 byte
2 Directory 53.127.360.512 byte disponibili

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

59392 10 Aug 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\nerocheck.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe"
1388544 14 Oct 2004 "C:\Programmi\Analog Devices\SoundMAX\smax4pnp.exe"
1388544 14 Oct 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
892928 1 Dec 2003 "C:\Programmi\Logitech\iTouch\itouch.exe"
892928 1 Dec 2003 "C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe"
327680 22 Dec 2007 "C:\WINDOWS\Installer\{A8C856AD-63CD-4613-AA29-E6C85607EA06}\NSLauncher2_8C75ED63874746D18905B6C4AF1D7A30.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe"
144784 22 Feb 2008 "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
188416 21 Jun 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
188416 21 Jun 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"

end of report

bdoriano

Log ok.

Per sicurezza, fai la seguente operazione:

Scarica DelDomains e salvalo sul desktop (clic con destro sul link > salva oggetto)
poi clic con destro sul file e scegli Installa.

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

ok installato DelDomains!
basta cosi?
grazie ancora!!!!!

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

si è appena ripresentato il problema disconnetendo la mia linea e creando nelle connessioni di rete la solita "internet connection"......

chemicalbit · Dio maturo Registrato: 01/04/05 18:59 Messaggi: 18597 Residenza: Milano

iesci a fare un'analisi con HijackThsi e con Combofix (e presumo possa essere utile anche quella con Find AWF, premendo poi "1") e a postare i log?

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

premesso ke quasi mi sto abituando alle varie fasi visto ke si ripresenta puntualmente dopo qualke giorno, ma ovviamente senza dare nessuna colpa anzi vi ringrazio della vostra disponibilità e aiuto ke formite nella risoluzione dei problemi, ecco i 3 log rikiesti:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21.29.50, on 05/05/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe
C:\Programmi\Analog Devices\SoundMAX\Smax4.exe
C:\WINDOWS\system32\rundll32.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Programmi\File comuni\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Programmi\Analog Devices\SoundMAX\SMax4PNP .exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05 .exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programmi\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Programmi\WinRAR\WinRAR.exe
C:\DOCUME~1\Angelo\IMPOST~1\Temp\Rar$EX00.406\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.libero.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 205.238.40.53 winmx-com.winmxgroup.com winmx-com-v30.winmxgroup.com
O1 - Hosts: 205.238.40.1 test0.winmxgroup.net test4.winmxgroup.net
O1 - Hosts: 205.238.40.2 test1.winmxgroup.net test5.winmxgroup.net
O1 - Hosts: 82.43.224.20 test2.winmxgroup.net test6.winmxgroup.net
O1 - Hosts: 82.204.21.111 test3.winmxgroup.net
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AdslTaskBar] rundll32.exe stmctrl.dll,TaskBar
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Programmi\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NSLauncher] C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [avgnt] "C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO LOCALE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIZIO DI RETE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [IETI] C:\Programmi\Skype\Phone\IEPlugin\unins000.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART (User 'Default user')
O4 - Global Startup: Microsoft Office.lnk = C:\Programmi\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programmi\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmesit.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Programmi\Yahoo!\Messenger\yhexbmesit.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Programmi\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programmi\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=19588
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0835856-69A6-4A63-91D9-0B77E1D78023}: NameServer = 85.37.17.49 85.38.28.91
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FILECO~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programmi\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Programmi\File comuni\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Programmi\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Programmi\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

--
End of file - 7752 bytes

ComboFix 08-04-24.1 - Angelo 2008-05-05 21.27.13.7 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.677 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Angelo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-05 al 2008-05-05 )))))))))))))))))))))))))))))))))))
.

2008-04-29 01:23 . 2008-04-29 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Programmi\Avira
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-04-26 12:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 17:12 . 2008-05-01 22:28 3,100,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 17:12 . 2008-05-01 22:28 39,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-23 22:16 . 2008-05-03 09:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 21:04 . 2008-04-23 21:04 <DIR> d-------- C:\Programmi\CCleaner
2008-04-23 16:19 . 2008-04-25 16:13 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-21 21:36 . 2005-08-17 23:40 64,512 --a--c--- C:\WINDOWS\system32\dllcache\ehtray.exe
2008-04-21 21:28 . 2008-04-21 21:28 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-16 13:15 . 2008-04-16 13:15 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-04-16 13:14 . 2008-04-16 13:14 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 18:41 14,348 ----a-w C:\WINDOWS\system32\nerocheck.exe
2008-05-05 17:19 --------- d-----w C:\Programmi\eMule
2008-05-04 00:21 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Skype
2008-05-03 13:57 --------- d-----w C:\Programmi\C6 Messenger
2008-05-02 19:25 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-27 12:25 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Lavasoft
2008-04-26 10:41 --------- d-----w C:\Programmi\Java
2008-04-22 18:44 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\SopCast
2008-04-17 11:08 --------- d-----w C:\Programmi\DivX
2008-04-16 11:15 --------- d-----w C:\Programmi\SopCast
2008-04-02 11:08 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\skypePM
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:31 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-28 11:30 69,176 ----a-w C:\Documents and Settings\Angelo\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

chemicalbit · Dio maturo Registrato: 01/04/05 18:59 Messaggi: 18597 Residenza: Milano

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

forse il problema si riferisce anke ad evntuali aggiornamenti di sicurezza mancanti e ke ho provveduto ad installare dal sito, quindi ora in base ai log postati in precedenza aspetto mi diciate i vari passaggi x eliminare, pulire e ripristinare i vari file infetti

bdoriano

Dobbiamo proprio trovare da dove arriva questo ragazzaccio. Evil or Very Mad

Avvia FindAWF e seleziona l'opzione 2:
Ti si apre un file di testo

Spostati sotto l'ultima riga del file di testo e inserisci le seguenti righe:

Codice:

"C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
"C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
"C:\WINDOWS\system32\bak\NeroCheck.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"

Chiudi il file di testo e conferma il salvataggio delle modifiche
Al termine dell'operazione ti viene aperto un nuovo log con l'esito finale
Incollalo nella tua prossima risposta
sempre in FindAWF, seleziona l'opzione 4:
verrà mostrato un messaggio di avviso
digita 1, e premi Invio
dopo il reset della domain zones, il programma tornerà al menu principale.
digita E e, quindi, premi Invio per uscire

Crea un file di testo con le seguenti istruzioni:

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

ecco i 3 log:

Find AWF report by noahdfear ©2006
Version 1.40
Option 2 run successfully

bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\EHOME\BAK

17/08/2005 23.40 64.512 ehtray.exe
1 File 64.512 byte
2 Directory 52.931.063.808 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\BAK

07/09/2004 14.00 15.360 ctfmon.exe
09/07/2001 12.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 52.931.063.808 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

23/09/2004 14.41 860.160 Smax4.exe
14/10/2004 11.11 1.388.544 SMax4PNP.exe
2 File 2.248.704 byte
2 Directory 52.931.059.712 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\LOGITECH\ITOUCH\BAK

01/12/2003 12.38 892.928 iTouch.exe
1 File 892.928 byte
2 Directory 52.931.059.712 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\NOKIA\NOKIAS~1\BAK

07/09/2007 15.44 3.100.672 NSLauncher.exe
1 File 3.100.672 byte
2 Directory 52.931.059.712 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 20.51 39.792 Reader_sl.exe
1 File 39.792 byte
2 Directory 52.931.059.712 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

26/08/2005 19.14 36.975 jusched.exe
1 File 36.975 byte
2 Directory 52.931.059.712 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

07/07/2005 18.41 57.344 apdproxy.exe
1 File 57.344 byte
2 Directory 52.931.059.712 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

21/06/2002 12.28 188.416 hpztsb05.exe
1 File 188.416 byte
2 Directory 52.931.059.712 byte disponibili

Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

59392 10 Aug 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\nerocheck .exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe"
1388544 14 Oct 2004 "C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe"
1388544 14 Oct 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
892928 1 Dec 2003 "C:\Programmi\Logitech\iTouch\iTouch.exe"
892928 1 Dec 2003 "C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe"
327680 22 Dec 2007 "C:\WINDOWS\Installer\{A8C856AD-63CD-4613-AA29-E6C85607EA06}\NSLauncher2_8C75ED63874746D18905B6C4AF1D7A30.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe"
144784 22 Feb 2008 "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
188416 21 Jun 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe"
188416 21 Jun 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"

end of report

ComboFix 08-04-24.1 - Angelo 2008-05-05 23.18.04.8 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.663 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Angelo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angelo\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-05 al 2008-05-05 )))))))))))))))))))))))))))))))))))
.

2008-05-05 22:36 . 2008-05-05 22:42 <DIR> d-------- C:\WINDOWS\LastGood
2008-04-29 01:23 . 2008-04-29 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Programmi\Avira
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-04-26 12:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 17:12 . 2008-05-01 22:28 3,100,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 17:12 . 2008-05-01 22:28 39,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-23 22:16 . 2008-05-03 09:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 21:04 . 2008-04-23 21:04 <DIR> d-------- C:\Programmi\CCleaner
2008-04-23 16:19 . 2008-04-25 16:13 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-21 21:36 . 2005-08-17 23:40 64,512 --a--c--- C:\WINDOWS\system32\dllcache\ehtray.exe
2008-04-21 21:28 . 2008-04-21 21:28 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-16 13:15 . 2008-04-16 13:15 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-04-16 13:14 . 2008-04-16 13:14 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-05 17:19 --------- d-----w C:\Programmi\eMule
2008-05-04 00:21 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Skype
2008-05-03 13:57 --------- d-----w C:\Programmi\C6 Messenger
2008-05-02 19:25 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-27 12:25 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Lavasoft
2008-04-26 10:41 --------- d-----w C:\Programmi\Java
2008-04-22 18:44 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\SopCast
2008-04-17 11:08 --------- d-----w C:\Programmi\DivX
2008-04-16 11:15 --------- d-----w C:\Programmi\SopCast
2008-04-02 11:08 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\skypePM
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:31 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-28 11:30 69,176 ----a-w C:\Documents and Settings\Angelo\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-05-01_22.20.37,95 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
+ 2007-03-06 01:48:32 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB941693\update\update.exe
- 2007-03-06 01:48:10 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
+ 2007-03-06 01:48:09 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spmsg.dll
- 2007-03-06 01:48:15 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
+ 2007-03-06 01:48:14 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB943055\spuninst.exe
- 2007-03-06 01:48:08 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
+ 2007-03-06 01:48:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\spcustom.dll
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
+ 2007-03-06 01:48:32 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB943055\update\update.exe
- 2007-03-06 01:48:10 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
+ 2007-03-06 01:48:09 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spmsg.dll
- 2007-03-06 01:48:15 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
+ 2007-03-06 01:48:14 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB944338\spuninst.exe
- 2007-03-06 01:48:08 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
+ 2007-03-06 01:48:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\spcustom.dll
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
+ 2007-03-06 01:48:32 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB944338\update\update.exe
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
+ 2007-03-06 01:48:32 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB945553\update\update.exe
- 2007-03-06 01:48:10 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
+ 2007-03-06 01:48:09 15,584 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spmsg.dll
- 2007-03-06 01:48:15 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
+ 2007-03-06 01:48:14 215,776 ----a-w C:\WINDOWS\$hf_mig$\KB946026\spuninst.exe
- 2007-03-06 01:48:08 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
+ 2007-03-06 01:48:07 22,752 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\spcustom.dll
- 2007-03-06 01:48:33 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
+ 2007-03-06 01:48:32 724,192 ----a-w C:\WINDOWS\$hf_mig$\KB946026\update\update.exe
- 2008-05-01 20:06:11 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-05 20:21:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2004-09-24 02:17:18 244,736 ----a-w C:\WINDOWS\LastGood\$hf_mig$\KB885894\SP2QFE\acspecfc.dll
+ 2004-09-24 02:07:33 245,248 ----a-w C:\WINDOWS\LastGood\AppPatch\acspecfc.dll
+ 2004-09-24 02:07:33 245,248 ----a-w C:\WINDOWS\LastGood\system32\DllCache\acspecfc.dll
- 2008-05-01 20:07:24 14,348 ----a-w C:\WINDOWS\system32\nerocheck.exe
+ 2001-07-09 10:50:42 155,648 ----a-w C:\WINDOWS\system32\nerocheck.exe
- 2008-05-01 20:07:22 14,348 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
+ 2002-06-21 10:28:47 188,416 ----a-w C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 57,344 2005-07-07 16:41:54 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 57,344 2005-07-07 16:41:54 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

-c--a-w 860,160 2004-09-23 12:41:54 C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 860,160 2004-09-23 12:41:54 C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

-c--a-w 1,388,544 2004-10-14 09:11:10 C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe
----a-w 1,388,544 2004-10-14 09:11:10 C:\Programmi\Analog Devices\SoundMAX\smax4pnp.exe

-c--a-w 36,975 2005-08-26 17:14:44 C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe
----a-w 36,975 2005-08-26 17:14:44 C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

-c--a-w 892,928 2003-12-01 10:38:16 C:\Programmi\Logitech\iTouch\bak\iTouch.exe
----a-w 892,928 2003-12-01 10:38:16 C:\Programmi\Logitech\iTouch\itouch.exe

----a-w 3,100,672 2007-09-07 13:44:30 C:\Programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe
----a-w 3,100,672 2007-09-07 13:44:30 C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe

-c--a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\ehtray.exe

----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\nerocheck.exe

-c--a-w 188,416 2002-06-21 10:28:47 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe
----a-w 188,416 2002-06-21 10:28:47 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 11:11 1388544]
"SoundMAX"="C:\Programmi\Analog Devices\SoundMAX\Smax4.exe" [2004-09-23 14:41 860160]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-05 12:31 7323648]
"nwiz"="nwiz.exe" [2006-01-05 12:31 1519616 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 12:28 188416]
"zBrowser Launcher"="C:\Programmi\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38 892928]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NSLauncher"="C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 11:37 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Programmi\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\C6 Messenger\\plugin\\fsmodule\\C6FileSharing.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\C6 Messenger\\c6Messenger.exe"=
"C:\\Documents and Settings\\Angelo\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-01-24 17:45]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 14:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 11:45]
S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys []

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-05 23:19:02
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-05 23.19.41
ComboFix-quarantined-files.txt 2008-05-05 21:19:31
ComboFix2.txt 2008-05-05 19:29:14
ComboFix3.txt 2008-05-02 18:59:11
ComboFix4.txt 2008-05-01 20:20:59

9 Directory 52,902,940,672 byte disponibili
11 Directory 52,933,808,128 byte disponibili

210 --- E O F --- 2008-04-16 11:19:22

05_05_2008_23_30_report.zip

bdoriano

Fai questa operazione:

Clicca Start
Clicca Esegui...
Digita:
Codice:

regedit
e premi OK
portati alla chiave
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D6FD105B-2080-F55E-016E-65561088E005}
tasto destro del mouse e scegli Esporta
salva nel file c:\sospetto.reg
ancora tasto destro del mouse e scegli Elimina
Chiudi regedit
carica il file c:\sospetto.reg su FreeFileHosting come indicato qui e mandami il link via MP.

nikman · Eroe in grazia degli dei Registrato: 22/04/08 15:54 Messaggi: 158

scusami ma mi sfugge qualkosa: il file sospetto.reg nn c'e su C: come faccio? devo crearlo o cosa dovrei fare

chemicalbit · Dio maturo Registrato: 01/04/05 18:59 Messaggi: 18597 Residenza: Milano

Devi crearlo tu,
facendo "esporta" da Regedit.