Olimpo Informatico

[nikman]

allora ieri sera attraverso esegui arrivai alla kiave ma nn me la salvava in
C scrivendo sospetto come dici tu e mi appariva il messaggio "ramo selezionato inesistente. Controllare che il percorso sia corretto". Invece stamattina appena acceso il pc e andando su esegui la parola regedit era già memorizzata come già il percorso ma subito mi è apparso il messaggio "impossibile aprire .....(la dicitura della chiave). Errore durante l'apertura della chiave" ma facendo OK sul messaggio potevo selezionarlo, cliccare con il destro su Esporta ma lo stesso nn trovava il percorso sebbene gli abbia nuovamente scritto io la parola sospetto su C.

[bdoriano]

Come immaginavo, stranamente è una chiave "nascosta".
Devo cercare ulteriori informazioni in merito.

[nikman]

ok! fai le dovute ricerke e in attesa ti ringrazio ancora!!!!!

[nikman]

informandoti ke si è ripresentato il problema volevo ricordarti a ke punto è eventualmente la ricerca per quella kiave nascosta. grazie

[bdoriano]

Di nuovo la Internet Connection?

Rifai la scansione con FindAWF e ComboFix.
Stasera, faremo altre pulizie. ok?

[nikman]

eccoti i 2 log rikiesti e ti ricordo come accennasti ke forse il tutto dipende da una kiave nascosta ( citata nei precedenti messaggi ) e ke dovevi cercare altre informazioni in merito:

Find AWF report by noahdfear ©2006
Version 1.40


bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\EHOME\BAK

17/08/2005 23.40 64.512 ehtray.exe
1 File 64.512 byte
2 Directory 53.531.602.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\BAK

07/09/2004 14.00 15.360 ctfmon.exe
09/07/2001 12.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 53.531.602.944 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

23/09/2004 14.41 860.160 Smax4.exe
14/10/2004 11.11 1.388.544 SMax4PNP.exe
2 File 2.248.704 byte
2 Directory 53.531.598.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\LOGITECH\ITOUCH\BAK

01/12/2003 12.38 892.928 iTouch.exe
1 File 892.928 byte
2 Directory 53.531.598.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\NOKIA\NOKIAS~1\BAK

07/09/2007 15.44 3.100.672 NSLauncher.exe
1 File 3.100.672 byte
2 Directory 53.531.598.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 20.51 39.792 Reader_sl.exe
1 File 39.792 byte
2 Directory 53.531.598.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

26/08/2005 19.14 36.975 jusched.exe
1 File 36.975 byte
2 Directory 53.531.598.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

07/07/2005 18.41 57.344 apdproxy.exe
1 File 57.344 byte
2 Directory 53.531.598.848 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

21/06/2002 12.28 188.416 hpztsb05.exe
1 File 188.416 byte
2 Directory 53.531.598.848 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

59392 10 Aug 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\nerocheck .exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe"
1388544 14 Oct 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
892928 1 Dec 2003 "C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe"
327680 22 Dec 2007 "C:\WINDOWS\Installer\{A8C856AD-63CD-4613-AA29-E6C85607EA06}\NSLauncher2_8C75ED63874746D18905B6C4AF1D7A30.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe"
144784 22 Feb 2008 "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
188416 21 Jun 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"


end of report

ComboFix 08-05-11.1 - Angelo 2008-05-12 13.06.16.9 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.663 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Angelo\Desktop\ComboFix.exe
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-12 al 2008-05-12 )))))))))))))))))))))))))))))))))))
.

2008-04-29 01:23 . 2008-04-29 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Programmi\Avira
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-04-26 12:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 17:12 . 2008-05-01 22:28 3,100,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 17:12 . 2008-05-01 22:28 39,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-23 22:16 . 2008-05-03 09:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 21:04 . 2008-04-23 21:04 <DIR> d-------- C:\Programmi\CCleaner
2008-04-23 16:19 . 2008-05-12 13:06 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-21 21:36 . 2005-08-17 23:40 64,512 --a--c--- C:\WINDOWS\system32\dllcache\ehtray.exe
2008-04-21 21:28 . 2008-04-21 21:28 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-16 13:15 . 2008-04-16 13:15 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-04-16 13:14 . 2008-04-16 13:14 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-11 19:46 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Skype
2008-05-11 14:09 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\SopCast
2008-05-11 08:41 --------- d-----w C:\Programmi\C6 Messenger
2008-05-06 19:06 --------- d-----w C:\Programmi\eMule
2008-05-02 19:25 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-27 12:25 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Lavasoft
2008-04-26 10:41 --------- d-----w C:\Programmi\Java
2008-04-17 11:08 --------- d-----w C:\Programmi\DivX
2008-04-16 11:15 --------- d-----w C:\Programmi\SopCast
2008-04-02 11:08 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\skypePM
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:31 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-28 11:30 69,176 ----a-w C:\Documents and Settings\Angelo\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

[bdoriano]

Andiamo già meglio, è meno "esteso" di quanto mi aspettassi.

Crea un file di testo con le seguenti istruzioni:

[nikman]

forse se è meno esteso è perkè avendo antivir rilevato il problema e facendogli fare la scansione ha eliminato un po' bel di file sospetti cmq ti posto qui di seguito i 2 log di combofix e VirIT notando e tu forse me ne potrai dare conferma che in quest'ultimo ha rimosso una kiave ke magari può essere quella nascosta di cui ne avevi già parlato:

ComboFix 08-05-11.1 - Angelo 2008-05-12 19.58.10.10 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.681 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Angelo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angelo\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-12 al 2008-05-12 )))))))))))))))))))))))))))))))))))
.

2008-04-29 01:23 . 2008-04-29 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Programmi\Avira
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-04-26 12:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 17:12 . 2008-05-01 22:28 3,100,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 17:12 . 2008-05-01 22:28 39,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-23 22:16 . 2008-05-03 09:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 21:04 . 2008-04-23 21:04 <DIR> d-------- C:\Programmi\CCleaner
2008-04-23 16:19 . 2008-05-12 13:06 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-21 21:36 . 2005-08-17 23:40 64,512 --a--c--- C:\WINDOWS\system32\dllcache\ehtray.exe
2008-04-21 21:28 . 2008-04-21 21:28 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-16 13:15 . 2008-04-16 13:15 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-04-16 13:14 . 2008-04-16 13:14 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 12:50 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Skype
2008-05-11 14:09 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\SopCast
2008-05-11 08:41 --------- d-----w C:\Programmi\C6 Messenger
2008-05-06 19:06 --------- d-----w C:\Programmi\eMule
2008-05-02 19:25 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-27 12:25 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Lavasoft
2008-04-26 10:41 --------- d-----w C:\Programmi\Java
2008-04-17 11:08 --------- d-----w C:\Programmi\DivX
2008-04-16 11:15 --------- d-----w C:\Programmi\SopCast
2008-04-02 11:08 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\skypePM
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:31 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-28 11:30 69,176 ----a-w C:\Documents and Settings\Angelo\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-05-05_23.19.20,85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 20:21:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-12 16:43:46 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 57,344 2005-07-07 16:41:54 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 57,344 2005-07-07 16:41:54 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

-c--a-w 860,160 2004-09-23 12:41:54 C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 860,160 2004-09-23 12:41:54 C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

-c--a-w 1,388,544 2004-10-14 09:11:10 C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe
----a-w 1,388,544 2004-10-14 09:11:10 C:\Programmi\Analog Devices\SoundMAX\smax4pnp.exe

-c--a-w 36,975 2005-08-26 17:14:44 C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe
----a-w 36,975 2005-08-26 17:14:44 C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

-c--a-w 892,928 2003-12-01 10:38:16 C:\Programmi\Logitech\iTouch\bak\iTouch.exe
----a-w 892,928 2003-12-01 10:38:16 C:\Programmi\Logitech\iTouch\itouch.exe

----a-w 3,100,672 2007-09-07 13:44:30 C:\Programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe
----a-w 3,100,672 2007-09-07 13:44:30 C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe

-c--a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\ehtray.exe

----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\nerocheck.exe

-c--a-w 188,416 2002-06-21 10:28:47 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe
----a-w 188,416 2002-06-21 10:28:47 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 11:11 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-05 12:31 7323648]
"nwiz"="nwiz.exe" [2006-01-05 12:31 1519616 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 12:28 188416]
"zBrowser Launcher"="C:\Programmi\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38 892928]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NSLauncher"="C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 11:37 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Programmi\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\C6 Messenger\\plugin\\fsmodule\\C6FileSharing.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\C6 Messenger\\c6Messenger.exe"=
"C:\\Documents and Settings\\Angelo\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-01-24 17:45]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 14:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 11:45]
S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 19:59:28
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-12 20.00.06
ComboFix-quarantined-files.txt 2008-05-12 18:00:00
ComboFix2.txt 2008-05-12 11:07:51
ComboFix3.txt 2008-05-05 21:19:42
ComboFix4.txt 2008-05-05 19:29:14
ComboFix5.txt 2008-05-02 18:59:11

9 Directory 53,461,438,464 byte disponibili
11 Directory 53,490,950,144 byte disponibili

172 --- E O F --- 2008-04-16 11:19:22


VirIT eXplorer Lite Log

[SCANSIONE DELLA MEMORIA]
OK
[SCANSIONE DELLA MEMORIA]
OK
--------------------------------------------------------
12/05/2008 - 20:09:35

[SCANSIONE DEL REGISTRO]
{DCE2F8B1-A520-11D4-8FD0-00D0B7730277} Infetto da Trojan.Win32.Dialer.KA
* * * RIMOSSO * * *

[C:]
MASTER BOOT RECORD: OK
BOOT SECTOR: OK


Chiavi Registro infette: 1.
Files Infetti: 0.
Files Sospetti: 0.
Files Analizzati: 36128.
Files Totali: 36128.
Chiavi Registro rimosse: 1.
Virus Rimossi: 0.

[bdoriano]

In effetti, ha rimosso una chiave infetta ma non è la stessa a cui non abbiamo accesso.

Giusto per sicurezza, facciamo un altro controllo:

1. Scarica questo programma e salvalo in C:\
   
2. Clicca Start
   
3. Clicca Esegui...
   
4. Digita:

   Codice:

   cmd

   
   
   
5. Clicca su ok
   
6. si apre la finestra DOS, digita:
   

   Codice:

   CD \

   
   premi invio
   
7. digita:
   

   Codice:

   mbr -f

   
   premi invio
   
8. digita:
   

   Codice:

   exit

   
   premi invio
   
   
9. Riavvia il pc
   
10. Posta qui il contenuto del log C:\mbr.log

[nikman]

ecco il log:

Stealth MBR rootkit detector 0.2.4 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
kernel: MBR read successfully
user & kernel MBR OK

[nikman]

purtroppo poki minuti fa si è ripresentato l'icona internet connection solo ke questa volta antivir ha avvisato poco prima ed infatti mentre ho iniziato a fare la scansione si è disconnesso dalla mia linea installando sulle connessioni di rete la nuova icona. ti posto il log di antivir e per completezza quello di findawf fatto dopo la scansione di antivir;



Avira AntiVir Personal
Report file date: martedì 13 maggio 2008 19:38

Scanning for 1264213 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANGELO-AF4A5C37

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 27/04/2008 09:37:11
AVSCAN.DLL : 8.1.1.0 53505 Bytes 27/04/2008 09:37:11
LUKE.DLL : 8.1.2.9 151809 Bytes 27/04/2008 09:37:12
LUKERES.DLL : 8.1.2.1 12033 Bytes 27/04/2008 09:37:12
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:37:12
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 17:31:09
ANTIVIR3.VDF : 7.0.4.33 166912 Bytes 13/05/2008 17:18:17
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 27/04/2008 09:37:13
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 22:02:53
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 22:02:46
AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 09:37:13
AEPACK.DLL : 8.1.1.4 364918 Bytes 30/04/2008 09:23:51
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 27/04/2008 09:37:12
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 22:02:52
AEHELP.DLL : 8.1.0.14 115063 Bytes 27/04/2008 09:37:12
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 22:02:46
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 22:02:45
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 22:02:44
AVWINLL.DLL : 1.0.0.7 14593 Bytes 27/04/2008 09:37:11
AVPREF.DLL : 8.0.0.1 25857 Bytes 27/04/2008 09:37:11
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 27/04/2008 09:37:11
AVARKT.DLL : 1.0.0.23 307457 Bytes 27/04/2008 09:37:11
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 27/04/2008 09:37:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 27/04/2008 09:37:12
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 27/04/2008 09:37:12
NETNT.DLL : 8.0.0.1 7937 Bytes 27/04/2008 09:37:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 27/04/2008 09:37:08
RCTEXT.DLL : 8.0.32.0 86273 Bytes 27/04/2008 09:37:08

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: martedì 13 maggio 2008 19:38

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'AcroRd32.exe' - '1' Module(s) have been scanned
Scan process 'update.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'IEXPLORE.EXE' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'VIRITSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'itouch.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb05.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
46 processes with 46 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] Periferica non pronta.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '28' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Angelo\Impostazioni locali\Temporary Internet Files\Content.IE5\K1L2YIHN\a[1].php
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING]
Begin scan in 'D:\' <DATI>
Begin scan in 'E:\' <DVD>


End of the scan: martedì 13 maggio 2008 19:58
Used time: 19:32 min

The scan has been done completely.

4169 Scanning directories
170639 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
170638 Files not concerned
1145 Archives were scanned
7 Warnings
0 Notes


Find AWF report by noahdfear ©2006
Version 1.40



bak folders found
~~~~~~~~~~~

Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\EHOME\BAK

17/08/2005 23.40 64.512 ehtray.exe
1 File 64.512 byte
2 Directory 54.098.313.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\BAK

07/09/2004 14.00 15.360 ctfmon.exe
09/07/2001 12.50 155.648 NeroCheck.exe
2 File 171.008 byte
2 Directory 54.098.313.216 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ANALOG~1\SOUNDMAX\BAK

23/09/2004 14.41 860.160 Smax4.exe
14/10/2004 11.11 1.388.544 SMax4PNP.exe
2 File 2.248.704 byte
2 Directory 54.098.309.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\LOGITECH\ITOUCH\BAK

01/12/2003 12.38 892.928 iTouch.exe
1 File 892.928 byte
2 Directory 54.098.309.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\NOKIA\NOKIAS~1\BAK

07/09/2007 15.44 3.100.672 NSLauncher.exe
1 File 3.100.672 byte
2 Directory 54.098.309.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\READER~1.0\READER\BAK

10/10/2007 20.51 39.792 Reader_sl.exe
1 File 39.792 byte
2 Directory 54.098.309.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\JAVA\JRE15~1.0_0\BIN\BAK

26/08/2005 19.14 36.975 jusched.exe
1 File 36.975 byte
2 Directory 54.098.309.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\PROGRA~1\ADOBE\PHOTOS~1\3.0\APPS\BAK

07/07/2005 18.41 57.344 apdproxy.exe
1 File 57.344 byte
2 Directory 54.098.309.120 byte disponibili
Il volume nell'unit? C non ha etichetta.
Numero di serie del volume: 247A-1CD2

Directory di C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

21/06/2002 12.28 188.416 hpztsb05.exe
1 File 188.416 byte
2 Directory 54.098.309.120 byte disponibili


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

59392 10 Aug 2004 "C:\WINDOWS\$NtUninstallKB900325$\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\ehtray.exe"
64512 17 Aug 2005 "C:\WINDOWS\ehome\bak\ehtray.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\ctfmon.exe"
15360 7 Sep 2004 "C:\WINDOWS\system32\bak\ctfmon.exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\nerocheck .exe"
155648 9 Jul 2001 "C:\WINDOWS\system32\bak\NeroCheck.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\Smax4.exe"
860160 23 Sep 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe"
1388544 14 Oct 2004 "C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe"
892928 1 Dec 2003 "C:\Programmi\Logitech\iTouch\bak\iTouch.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe"
327680 22 Dec 2007 "C:\WINDOWS\Installer\{A8C856AD-63CD-4613-AA29-E6C85607EA06}\NSLauncher2_8C75ED63874746D18905B6C4AF1D7A30.exe"
3100672 7 Sep 2007 "C:\Programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe"
39792 10 Oct 2007 "C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe"
144784 22 Feb 2008 "C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe"
36975 26 Aug 2005 "C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
57344 7 Jul 2005 "C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe"
188416 21 Jun 2002 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe"


end of report

[bdoriano]

[nikman]

la versione di IE è la 6 mentre il sito ke stavo visitando è uno di quelli visitati spesso ma è la prima volta ke anitivir mi avvisava, cmq credo il sito dovrebbe o di scommesse (snai o matchpoint) o il sito di tiscali ma nn ne sono sicuro, cmq si tratta diun sito normalissimo).
Eccoti invece il log di combofix :

ComboFix 08-05-11.1 - Angelo 2008-05-13 21.15.46.11 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.623 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Angelo\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-13 al 2008-05-13 )))))))))))))))))))))))))))))))))))
.

2008-05-12 21:16 . 2008-05-12 21:16 66,048 --a------ C:\mbr.exe
2008-05-12 20:04 . 2008-05-12 20:04 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-12 20:03 . 2008-05-13 20:01 <DIR> d-------- C:\VEXPLITE
2008-04-29 01:23 . 2008-04-29 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Programmi\Avira
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-04-26 12:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 17:12 . 2008-05-01 22:28 3,100,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 17:12 . 2008-05-01 22:28 39,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-23 22:16 . 2008-05-03 09:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 21:04 . 2008-04-23 21:04 <DIR> d-------- C:\Programmi\CCleaner
2008-04-23 16:19 . 2008-05-12 13:06 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-21 21:36 . 2005-08-17 23:40 64,512 --a--c--- C:\WINDOWS\system32\dllcache\ehtray.exe
2008-04-21 21:28 . 2008-04-21 21:28 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-16 13:15 . 2008-04-16 13:15 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-04-16 13:14 . 2008-04-16 13:14 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 13:29 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Skype
2008-05-11 14:09 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\SopCast
2008-05-11 08:41 --------- d-----w C:\Programmi\C6 Messenger
2008-05-06 19:06 --------- d-----w C:\Programmi\eMule
2008-05-02 19:25 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-27 12:25 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Lavasoft
2008-04-26 10:41 --------- d-----w C:\Programmi\Java
2008-04-17 11:08 --------- d-----w C:\Programmi\DivX
2008-04-16 11:15 --------- d-----w C:\Programmi\SopCast
2008-04-02 11:08 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\skypePM
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:31 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-28 11:30 69,176 ----a-w C:\Documents and Settings\Angelo\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

[bdoriano]

Crea un file di testo con le seguenti istruzioni:

[nikman]

per quanto riguarda IE7 sto già provvedendo insieme agli aggiornamenti mentre per vedere il sito ke fa scattare l'allarme ci vorrà + tempo; ecco il log di combofix:

ComboFix 08-05-11.1 - Angelo 2008-05-13 22.49.13.12 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1040.18.675 [GMT 2:00]
Eseguito da: C:\Documents and Settings\Angelo\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Angelo\Desktop\CFScript.txt
* Creato nuovo punto di ripristino

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Creati Da 2008-04-13 al 2008-05-13 )))))))))))))))))))))))))))))))))))
.

2008-05-12 21:16 . 2008-05-12 21:16 66,048 --a------ C:\mbr.exe
2008-05-12 20:04 . 2008-05-12 20:04 39,808 --a------ C:\WINDOWS\system32\drivers\VIRAGTLT.SYS
2008-05-12 20:03 . 2008-05-13 22:44 <DIR> d-------- C:\VEXPLITE
2008-04-29 01:23 . 2008-04-29 01:23 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\nView_Profiles
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Programmi\Avira
2008-04-27 11:34 . 2008-04-27 11:34 <DIR> d-------- C:\Documents and Settings\All Users\Dati applicazioni\Avira
2008-04-26 12:41 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-04-25 17:12 . 2008-05-01 22:28 3,100,704 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-04-25 17:12 . 2008-05-01 22:28 39,500 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-04-23 22:16 . 2008-05-03 09:34 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-04-23 21:04 . 2008-04-23 21:04 <DIR> d-------- C:\Programmi\CCleaner
2008-04-23 16:19 . 2008-05-12 13:06 1,024 --ah----- C:\WINDOWS\system32\config\systemprofile\ntuser.dat.LOG
2008-04-21 21:36 . 2005-08-17 23:40 64,512 --a--c--- C:\WINDOWS\system32\dllcache\ehtray.exe
2008-04-21 21:28 . 2008-04-21 21:28 6,144 --ahs---- C:\WINDOWS\system32\Thumbs.db
2008-04-16 13:15 . 2008-04-16 13:15 <DIR> d-------- C:\Programmi\File comuni\Skype
2008-04-16 13:14 . 2008-04-16 13:14 <DIR> d-------- C:\Documents and Settings\LocalService\Dati applicazioni\AVG7

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-13 13:29 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Skype
2008-05-11 14:09 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\SopCast
2008-05-11 08:41 --------- d-----w C:\Programmi\C6 Messenger
2008-05-06 19:06 --------- d-----w C:\Programmi\eMule
2008-05-02 19:25 737,280 -c--a-w C:\WINDOWS\iun6002.exe
2008-04-27 12:25 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\Lavasoft
2008-04-26 10:41 --------- d-----w C:\Programmi\Java
2008-04-17 11:08 --------- d-----w C:\Programmi\DivX
2008-04-16 11:15 --------- d-----w C:\Programmi\SopCast
2008-04-02 11:08 32 ----a-w C:\Documents and Settings\All Users\Dati applicazioni\ezsid.dat
2008-04-02 11:08 --------- d-----w C:\Documents and Settings\Angelo\Dati applicazioni\skypePM
2008-03-31 21:25 831,488 ----a-w C:\WINDOWS\system32\divx_xx0a.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx0c.dll
2008-03-31 21:25 823,296 ----a-w C:\WINDOWS\system32\divx_xx07.dll
2008-03-31 21:25 802,816 ----a-w C:\WINDOWS\system32\divx_xx11.dll
2008-03-31 21:25 682,496 ----a-w C:\WINDOWS\system32\DivX.dll
2008-03-31 21:25 161,096 -c--a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2008-03-21 20:30 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-03-21 20:30 3,596,288 -c--a-w C:\WINDOWS\system32\qt-dx331.dll
2008-03-21 20:30 200,704 -c--a-w C:\WINDOWS\system32\ssldivx.dll
2008-03-21 20:30 1,044,480 -c--a-w C:\WINDOWS\system32\libdivx.dll
2008-03-21 20:28 81,920 ----a-w C:\WINDOWS\system32\dpl100.dll
2008-03-21 20:28 593,920 -c--a-w C:\WINDOWS\system32\dpuGUI11.dll
2008-03-21 20:28 57,344 -c--a-w C:\WINDOWS\system32\dpv11.dll
2008-03-21 20:28 53,248 -c--a-w C:\WINDOWS\system32\dpuGUI10.dll
2008-03-21 20:28 344,064 -c--a-w C:\WINDOWS\system32\dpus11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu11.dll
2008-03-21 20:28 294,912 -c--a-w C:\WINDOWS\system32\dpu10.dll
2008-03-21 20:28 196,608 -c--a-w C:\WINDOWS\system32\dtu100.dll
2008-03-21 20:28 12,288 -c--a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-03-20 08:06 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-02-20 06:50 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 05:33 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-16 09:31 668,672 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-28 11:30 69,176 ----a-w C:\Documents and Settings\Angelo\Dati applicazioni\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( snapshot_2008-05-05_23.19.20,85 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-05-05 20:21:32 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-05-13 20:44:33 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 57,344 2005-07-07 16:41:54 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\bak\apdproxy.exe
----a-w 57,344 2005-07-07 16:41:54 C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe

----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\bak\Reader_sl.exe
----a-w 39,792 2007-10-10 18:51:55 C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe

-c--a-w 860,160 2004-09-23 12:41:54 C:\Programmi\Analog Devices\SoundMAX\bak\Smax4.exe
----a-w 860,160 2004-09-23 12:41:54 C:\Programmi\Analog Devices\SoundMAX\Smax4.exe

-c--a-w 1,388,544 2004-10-14 09:11:10 C:\Programmi\Analog Devices\SoundMAX\bak\SMax4PNP.exe
----a-w 1,388,544 2004-10-14 09:11:10 C:\Programmi\Analog Devices\SoundMAX\smax4pnp.exe

-c--a-w 36,975 2005-08-26 17:14:44 C:\Programmi\Java\jre1.5.0_05\bin\bak\jusched.exe
----a-w 36,975 2005-08-26 17:14:44 C:\Programmi\Java\jre1.5.0_05\bin\jusched.exe

-c--a-w 892,928 2003-12-01 10:38:16 C:\Programmi\Logitech\iTouch\bak\iTouch.exe
----a-w 892,928 2003-12-01 10:38:16 C:\Programmi\Logitech\iTouch\itouch.exe

----a-w 3,100,672 2007-09-07 13:44:30 C:\Programmi\Nokia\Nokia Software Launcher\bak\NSLauncher.exe
----a-w 3,100,672 2007-09-07 13:44:30 C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe

-c--a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\bak\ehtray.exe
----a-w 64,512 2005-08-17 21:40:06 C:\WINDOWS\ehome\ehtray.exe

----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\bak\ctfmon.exe
----a-w 15,360 2004-09-07 12:00:00 C:\WINDOWS\system32\ctfmon.exe

-c--a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\bak\NeroCheck.exe
----a-w 155,648 2001-07-09 10:50:42 C:\WINDOWS\system32\nerocheck.exe

-c--a-w 188,416 2002-06-21 10:28:47 C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\hpztsb05.exe
----a-w 188,416 2002-06-21 10:28:47 C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe

.
((((((((((((((((((((((((((((((((((((( Punti Reg Caricati ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* i valori vuoti & legittimi/default non sono visualizzati.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-09-07 14:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-08-17 23:40 64512]
"SunJavaUpdateSched"="C:\Programmi\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SoundMAXPnP"="C:\Programmi\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 11:11 1388544]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-01-05 12:31 7323648]
"nwiz"="nwiz.exe" [2006-01-05 12:31 1519616 C:\WINDOWS\system32\nwiz.exe]
"AdslTaskBar"="stmctrl.dll" [2003-01-22 13:01 151552 C:\WINDOWS\system32\stmctrl.dll]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe" [2002-06-21 12:28 188416]
"zBrowser Launcher"="C:\Programmi\Logitech\iTouch\iTouch.exe" [2003-12-01 12:38 892928]
"Adobe Photo Downloader"="C:\Programmi\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-07-07 18:41 57344]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"Adobe Reader Speed Launcher"="C:\Programmi\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51 39792]
"NSLauncher"="C:\Programmi\Nokia\Nokia Software Launcher\NSLauncher.exe" [2007-09-07 15:44 3100672]
"avgnt"="C:\Programmi\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-04-27 11:37 262401]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-09-07 14:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IETI"="C:\Programmi\Skype\Phone\IEPlugin\unins000.exe" [ ]

C:\Documents and Settings\All Users\Menu Avvio\Programmi\Esecuzione automatica\
Microsoft Office.lnk - C:\Programmi\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codec"= l3codecp.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Programmi\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Programmi\\MSN Messenger\\msnmsgr.exe"=
"C:\\Programmi\\MSN Messenger\\livecall.exe"=
"C:\\Programmi\\C6 Messenger\\plugin\\fsmodule\\C6FileSharing.exe"=
"C:\\Programmi\\eMule\\emule.exe"=
"C:\\Programmi\\C6 Messenger\\c6Messenger.exe"=
"C:\\Documents and Settings\\Angelo\\Dati applicazioni\\SopCast\\adv\\SopAdver.exe"=
"C:\\Programmi\\SopCast\\SopCast.exe"=
"C:\\Programmi\\Internet Explorer\\IEXPLORE.EXE"=
"C:\\Programmi\\Skype\\Phone\\Skype.exe"=

R0 VIRAGTLT;VIRAGTLT;C:\WINDOWS\system32\drivers\VIRAGTLT.SYS [2008-05-12 20:04]
R2 viritsvclite;Virit eXplorer Lite;C:\VEXPLITE\viritsvc.exe [2008-05-13 20:01]
R3 3xHybrid;3xHybrid service;C:\WINDOWS\system32\DRIVERS\3xHybrid.sys [2006-01-24 17:45]
R3 Stmatm;ATM/ADSL miniport;C:\WINDOWS\system32\DRIVERS\stmatm.sys [2002-09-25 08:37]
R3 TaurusUsb;ADSL Modem USB Service 1.09a;C:\WINDOWS\system32\DRIVERS\torususb.sys [2003-01-09 16:21]
R3 usbstor;Driver archiviazione di massa USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-09-07 14:00]
R3 X10Hid;X10 Hid Device;C:\WINDOWS\system32\Drivers\x10hid.sys [2005-11-28 11:45]
S1 as6eio;as6eio;C:\WINDOWS\system32\drivers\as6eio.sys []

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-13 22:50:38
Windows 5.1.2600 Service Pack 2 NTFS

scansione processi nascosti ...

scansione entrate autostart nascoste ...

Scansione files nascosti ...

Scansione completata con successo
Files nascosti: 0

**************************************************************************
.
Ora fine scansione: 2008-05-13 22.51.16
ComboFix-quarantined-files.txt 2008-05-13 20:51:10
ComboFix2.txt 2008-05-13 19:17:33
ComboFix3.txt 2008-05-12 18:00:07
ComboFix4.txt 2008-05-12 11:07:51
ComboFix5.txt 2008-05-05 21:19:42

10 Directory 54,115,446,784 byte disponibili
12 Directory 54,142,357,504 byte disponibili

177 --- E O F --- 2008-04-16 11:19:22

[nikman]

l'allarme ke anitivir ha rilevato si è ripresentato anke stasera e in quel momento erano aperti come sempre i messanger di yahoo, msn e C6 inoltre erano aperte le chat di tiscali e lycos e il sito di libero come pagina iniziale ma preciso ke l'allarme è scattao appena kiusa la pagina della chat di lycos ( http://it.worldsbiggestchat.com/client/?z=1210790972584) e a differenza di ieri sera durante la scansione nn si è disconesso, almeno sinora. ti posto come informazione maggiore il log della scansione di antivir:

Avira AntiVir Personal
Report file date: mercoledì 14 maggio 2008 20:21

Scanning for 1265410 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ANGELO-AF4A5C37

Version information:
BUILD.DAT : 8.1.00.295 16479 Bytes 09/04/2008 16:24:00
AVSCAN.EXE : 8.1.2.12 311553 Bytes 27/04/2008 09:37:11
AVSCAN.DLL : 8.1.1.0 53505 Bytes 27/04/2008 09:37:11
LUKE.DLL : 8.1.2.9 151809 Bytes 27/04/2008 09:37:12
LUKERES.DLL : 8.1.2.1 12033 Bytes 27/04/2008 09:37:12
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 13:27:15
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 09:37:12
ANTIVIR2.VDF : 7.0.4.0 1554432 Bytes 05/05/2008 17:31:09
ANTIVIR3.VDF : 7.0.4.36 181248 Bytes 14/05/2008 10:58:19
Engineversion : 8.1.0.42
AEVDF.DLL : 8.1.0.5 102772 Bytes 27/04/2008 09:37:13
AESCRIPT.DLL : 8.1.0.31 262522 Bytes 09/05/2008 22:02:53
AESCN.DLL : 8.1.0.16 119156 Bytes 08/05/2008 22:02:46
AERDL.DLL : 8.1.0.20 418165 Bytes 27/04/2008 09:37:13
AEPACK.DLL : 8.1.1.4 364918 Bytes 30/04/2008 09:23:51
AEOFFICE.DLL : 8.1.0.18 192890 Bytes 27/04/2008 09:37:12
AEHEUR.DLL : 8.1.0.26 1237366 Bytes 09/05/2008 22:02:52
AEHELP.DLL : 8.1.0.14 115063 Bytes 27/04/2008 09:37:12
AEGEN.DLL : 8.1.0.20 299380 Bytes 08/05/2008 22:02:46
AEEMU.DLL : 8.1.0.6 430451 Bytes 08/05/2008 22:02:45
AECORE.DLL : 8.1.0.28 168310 Bytes 08/05/2008 22:02:44
AVWINLL.DLL : 1.0.0.7 14593 Bytes 27/04/2008 09:37:11
AVPREF.DLL : 8.0.0.1 25857 Bytes 27/04/2008 09:37:11
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24
AVREG.DLL : 8.0.0.0 30977 Bytes 27/04/2008 09:37:11
AVARKT.DLL : 1.0.0.23 307457 Bytes 27/04/2008 09:37:11
AVEVTLOG.DLL : 8.0.0.11 114945 Bytes 27/04/2008 09:37:11
SQLITE3.DLL : 3.3.17.1 339968 Bytes 27/04/2008 09:37:12
SMTPLIB.DLL : 1.2.0.19 28929 Bytes 27/04/2008 09:37:12
NETNT.DLL : 8.0.0.1 7937 Bytes 27/04/2008 09:37:12
RCIMAGE.DLL : 8.0.0.35 2371841 Bytes 27/04/2008 09:37:08
RCTEXT.DLL : 8.0.32.0 86273 Bytes 27/04/2008 09:37:08

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\programmi\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, E:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mercoledì 14 maggio 2008 20:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'guardgui.exe' - '1' Module(s) have been scanned
Scan process 'cmd.exe' - '1' Module(s) have been scanned
Scan process 'C6FileSharing.exe' - '1' Module(s) have been scanned
Scan process 'c6Messenger.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'YahooMessenger.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'iexplore.exe' - '1' Module(s) have been scanned
Scan process 'ehmsas.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'dllhost.exe' - '1' Module(s) have been scanned
Scan process 'mcrdsvc.exe' - '1' Module(s) have been scanned
Scan process 'X10nets.exe' - '1' Module(s) have been scanned
Scan process 'VIRITSVC.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'mdm.exe' - '1' Module(s) have been scanned
Scan process 'ehSched.exe' - '1' Module(s) have been scanned
Scan process 'ehrecvr.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'itouch.exe' - '1' Module(s) have been scanned
Scan process 'hpztsb05.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'smax4pnp.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'ehtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
47 processes with 47 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] Periferica non pronta.
Master boot sector HD5
[INFO] No virus was found!
[WARNING] Periferica non pronta.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'E:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '28' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\Angelo\File temporanei Internet\Content.IE5\YSL4HPBA\a[1].php
[DETECTION] Is the Trojan horse TR/Dropper.Gen
[NOTE] The file was moved to '485c2e62.qua'!
Begin scan in 'D:\' <DATI>
Begin scan in 'E:\' <DVD>


End of the scan: mercoledì 14 maggio 2008 20:39
Used time: 18:45 min

The scan has been done completely.

4289 Scanning directories
168670 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
1 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
168669 Files not concerned
1079 Archives were scanned
6 Warnings
1 Notes

[nikman]

scusami ho dimenticato di scrivere ke da ieri sera è installato IE7 come rikiesto con i dovuti aggioramenti. grazie

[bdoriano]

In fase di chiusura, compare qualche pagina pubblicitaria?
Hai provato a verificare se, usando FireFox o Opera, ottieni lo stesso effetto?

[nikman]

ti posso confermare ke nn si apre nessuna pagina pubblicitaria anke xkè i popup sono disattivati, invece nn avendo mai avuto firefox o opera dovrei verificare se avviene o meno.

[bdoriano]

Appena posso, faccio dei test sul link che hai mandato.
Magari uno dei servizi di lycos è stato "bucato".